Fips checksums #1

t8m · 2021-05-11T15:36:27Z

Checklist

documentation is added or updated
tests are added or updated

Direct leak of 4 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16 #3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15 #4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10 #5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22 openssl#6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 openssl#7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 openssl#8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 openssl#9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp openssl#10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 openssl#11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp openssl#12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#16813)

Direct leak of 2 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11 #3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45 #4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 #5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 openssl#6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 openssl#7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp openssl#8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 openssl#9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp openssl#10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 openssl#11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#16813)

Direct leak of 4 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16 #3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15 #4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10 #5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22 openssl#6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 openssl#7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 openssl#8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 openssl#9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp openssl#10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 openssl#11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp openssl#12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#16813) (cherry picked from commit 74b4858)

Direct leak of 2 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11 #3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45 #4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 #5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 openssl#6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 openssl#7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp openssl#8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 openssl#9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp openssl#10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 openssl#11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#16813) (cherry picked from commit 19b30f1)

This happens usually if an template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free calls now the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which ought to be tolerant to incomplete initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 openssl#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 openssl#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 openssl#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 openssl#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 openssl#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 openssl#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 openssl#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#21 0x40893b in testfile fuzz/test-corpus.c:182 openssl#22 0x406b86 in main fuzz/test-corpus.c:226 openssl#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL ================================================================= ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#14 0x40893b in testfile fuzz/test-corpus.c:182 openssl#15 0x406b86 in main fuzz/test-corpus.c:226 openssl#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#18360)

This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: ================================================================= ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 openssl#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 openssl#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 openssl#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 openssl#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 openssl#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 openssl#11 0x40370b in testfile fuzz/test-corpus.c:182 openssl#12 0x402846 in main fuzz/test-corpus.c:226 openssl#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#18366)

This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d ERROR_INJECT=1653267699 #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 openssl#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 openssl#7 0x55c12d267c7f in main fuzz/test-corpus.c:226 openssl#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 openssl#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) ================================================================= ==1058475==ERROR: LeakSanitizer: detected memory leaks Direct leak of 268 byte(s) in 1 object(s) allocated from: #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 openssl#6 0x55c12d267c7f in main fuzz/test-corpus.c:226 openssl#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#18371)

Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 openssl#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 openssl#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 openssl#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 openssl#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 openssl#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 openssl#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 openssl#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 openssl#14 0x40371b in testfile fuzz/test-corpus.c:182 openssl#15 0x402856 in main fuzz/test-corpus.c:226 openssl#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer:DEADLYSIGNAL ================================================================= ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) ==8400==The signal is caused by a READ memory access. ==8400==Hint: address points to the zero page. #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 openssl#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 openssl#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 openssl#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 openssl#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 openssl#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 openssl#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 openssl#13 0x40371b in testfile fuzz/test-corpus.c:182 openssl#14 0x402856 in main fuzz/test-corpus.c:226 openssl#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions ==8400==ABORTING Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#18376)

This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461 #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129 #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198 #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242 #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168 #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111 openssl#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246 openssl#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 openssl#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#24 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#25 0x402626 in main fuzz/test-corpus.c:226 openssl#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706) ================================================================= ==29625==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209 #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928 #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577 #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178 openssl#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142 openssl#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97 openssl#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246 openssl#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 openssl#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#29 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#30 0x402626 in main fuzz/test-corpus.c:226 openssl#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#18391)

This happens usually if an template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free calls now the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which ought to be tolerant to incomplete initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 openssl#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 openssl#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 openssl#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 openssl#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 openssl#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 openssl#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 openssl#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#21 0x40893b in testfile fuzz/test-corpus.c:182 openssl#22 0x406b86 in main fuzz/test-corpus.c:226 openssl#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL ================================================================= ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#14 0x40893b in testfile fuzz/test-corpus.c:182 openssl#15 0x406b86 in main fuzz/test-corpus.c:226 openssl#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#18360) (cherry picked from commit 557825a)

This is reproducible with my error injection patch: $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: ================================================================= ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 openssl#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 openssl#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 openssl#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 openssl#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 openssl#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 openssl#11 0x40370b in testfile fuzz/test-corpus.c:182 openssl#12 0x402846 in main fuzz/test-corpus.c:226 openssl#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#18361)

This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461 #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129 #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198 #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242 #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168 #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111 openssl#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246 openssl#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 openssl#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#24 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#25 0x402626 in main fuzz/test-corpus.c:226 openssl#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706) ================================================================= ==29625==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209 #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928 #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577 #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178 openssl#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142 openssl#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97 openssl#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246 openssl#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 openssl#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#29 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#30 0x402626 in main fuzz/test-corpus.c:226 openssl#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#18391) (cherry picked from commit e9007e0)

This happens usually if an template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free calls now the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which ought to be tolerant to incomplete initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 openssl#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 openssl#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 openssl#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 openssl#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 openssl#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 openssl#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 openssl#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#21 0x40893b in testfile fuzz/test-corpus.c:182 openssl#22 0x406b86 in main fuzz/test-corpus.c:226 openssl#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL ================================================================= ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#14 0x40893b in testfile fuzz/test-corpus.c:182 openssl#15 0x406b86 in main fuzz/test-corpus.c:226 openssl#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#18360) (cherry picked from commit 557825a)

This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: ================================================================= ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 openssl#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 openssl#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 openssl#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 openssl#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 openssl#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 openssl#11 0x40370b in testfile fuzz/test-corpus.c:182 openssl#12 0x402846 in main fuzz/test-corpus.c:226 openssl#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#18366) (cherry picked from commit 22a96c6)

This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d ERROR_INJECT=1653267699 #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 openssl#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 openssl#7 0x55c12d267c7f in main fuzz/test-corpus.c:226 openssl#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 openssl#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) ================================================================= ==1058475==ERROR: LeakSanitizer: detected memory leaks Direct leak of 268 byte(s) in 1 object(s) allocated from: #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 openssl#6 0x55c12d267c7f in main fuzz/test-corpus.c:226 openssl#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#18371) (cherry picked from commit b7e28c0)

Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 openssl#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 openssl#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 openssl#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 openssl#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 openssl#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 openssl#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 openssl#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 openssl#14 0x40371b in testfile fuzz/test-corpus.c:182 openssl#15 0x402856 in main fuzz/test-corpus.c:226 openssl#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer:DEADLYSIGNAL ================================================================= ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) ==8400==The signal is caused by a READ memory access. ==8400==Hint: address points to the zero page. #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 openssl#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 openssl#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 openssl#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 openssl#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 openssl#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 openssl#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 openssl#13 0x40371b in testfile fuzz/test-corpus.c:182 openssl#14 0x402856 in main fuzz/test-corpus.c:226 openssl#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions ==8400==ABORTING Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#18376) (cherry picked from commit dc0ef29)

This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461 #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129 #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198 #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242 #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168 #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111 openssl#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246 openssl#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 openssl#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#24 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#25 0x402626 in main fuzz/test-corpus.c:226 openssl#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706) ================================================================= ==29625==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209 #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928 #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577 #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178 openssl#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142 openssl#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97 openssl#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246 openssl#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 openssl#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#29 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#30 0x402626 in main fuzz/test-corpus.c:226 openssl#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#18391) (cherry picked from commit e9007e0)

This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402f84 in my_malloc fuzz/test-corpus.c:114 #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 openssl#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 openssl#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 openssl#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 openssl#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#26 0x402afb in testfile fuzz/test-corpus.c:182 openssl#27 0x402656 in main fuzz/test-corpus.c:226 openssl#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756) ================================================================= ==12221==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440 #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#22 0x402afb in testfile fuzz/test-corpus.c:182 openssl#23 0x402656 in main fuzz/test-corpus.c:226 openssl#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) Indirect leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 openssl#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#23 0x402afb in testfile fuzz/test-corpus.c:182 openssl#24 0x402656 in main fuzz/test-corpus.c:226 openssl#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Kurt Roeckx <[email protected]> (Merged from openssl#18633)

This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402f84 in my_malloc fuzz/test-corpus.c:114 #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 openssl#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 openssl#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 openssl#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 openssl#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#26 0x402afb in testfile fuzz/test-corpus.c:182 openssl#27 0x402656 in main fuzz/test-corpus.c:226 openssl#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756) ================================================================= ==12221==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440 #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#22 0x402afb in testfile fuzz/test-corpus.c:182 openssl#23 0x402656 in main fuzz/test-corpus.c:226 openssl#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) Indirect leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 openssl#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#23 0x402afb in testfile fuzz/test-corpus.c:182 openssl#24 0x402656 in main fuzz/test-corpus.c:226 openssl#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Kurt Roeckx <[email protected]> (Merged from openssl#18633) (cherry picked from commit be50862)

Running test_tfo_cli under asan yields ==166214==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000d57c at pc 0x03ffa004ed86 bp 0x03ffe2977e80 sp 0x03ffe2977668 READ of size 112 at 0x60700000d57c thread T0 #0 0x3ffa004ed85 in memcpy (/lib64/libasan.so.8+0x4ed85) #1 0x3ff9f3615b7 in BIO_ADDR_dup crypto/bio/bio_addr.c:77 [...] and fails the test. Fix this by copying the right structure of the union. Signed-off-by: Juergen Christ <[email protected]> Reviewed-by: Todd Short <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#18979)

Running bio_tfo_test under asan yields ==172342==ERROR: LeakSanitizer: detected memory leaks Direct leak of 380 byte(s) in 5 object(s) allocated from: #0 0x3ff89bba251 in malloc (/lib64/libasan.so.8+0xba251) #1 0x3ff88cf9fd5 in gaih_inet.constprop.0 (/lib64/libc.so.6+0xf9fd5) #2 0x3ff88cfaf6f in getaddrinfo (/lib64/libc.so.6+0xfaf6f) #3 0x3ff89ba52a9 in __interceptor_getaddrinfo.part.0 (/lib64/libasan.so.8+0xa52a9) #4 0x1004909 in test_fd_tfo test/bio_tfo_test.c:241 [...] and fails the test. Fix this by freeing the return addrinfo on exit. Signed-off-by: Juergen Christ <[email protected]> Reviewed-by: Todd Short <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#18979)

Leak sanitizer reports following leak for ssl-test-new subtest 4-tlsv1_2-both-compress: ==335733==ERROR: LeakSanitizer: detected memory leaks Direct leak of 17728 byte(s) in 1 object(s) allocated from: #0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251) #1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868 #2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896 #3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773 #4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958 #5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235 openssl#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198 openssl#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624 openssl#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478 openssl#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430 openssl#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775 openssl#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134 openssl#12 0x100e85b in do_handshake_internal test/helpers/handshake.c:1544 openssl#13 0x1011715 in do_handshake test/helpers/handshake.c:1738 openssl#14 0x101d1a7 in test_handshake test/ssl_test.c:543 openssl#15 0x1027875 in run_tests test/testutil/driver.c:370 openssl#16 0x1008393 in main test/testutil/main.c:30 openssl#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871) openssl#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f) openssl#19 0x100864f (/code/openssl/test/ssl_test+0x100864f) Direct leak of 17728 byte(s) in 1 object(s) allocated from: #0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251) #1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868 #2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896 #3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773 #4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958 #5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235 openssl#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198 openssl#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624 openssl#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478 openssl#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430 openssl#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775 openssl#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134 openssl#12 0x1010b09 in do_handshake_internal test/helpers/handshake.c:1550 openssl#13 0x1011715 in do_handshake test/helpers/handshake.c:1738 openssl#14 0x101d1a7 in test_handshake test/ssl_test.c:543 openssl#15 0x1027875 in run_tests test/testutil/driver.c:370 openssl#16 0x1008393 in main test/testutil/main.c:30 openssl#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871) openssl#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f) openssl#19 0x100864f (/code/openssl/test/ssl_test+0x100864f) SUMMARY: AddressSanitizer: 35456 byte(s) leaked in 2 allocation(s). Fix this by freeing the SSL3_RECORD structure inside the OSSL_RECORD_LAYER. Signed-off-by: Juergen Christ <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#19030)

While POSIX threads are cancellable and may be asynchronously cancelled, their cancellation is not guaranteed by the POSIX standard. test_thread_noreturn, which simulates a long-running possibly unresponsive thread: THREAD #1 THREAD #2 LOCK L1 SPAWN #2 LOCK L1 On MacOS, cancelling such thread only queues cancellation request, but the following pthread_join hangs. Replace this implementation by an unbounded sequence of sleeps instead. Signed-off-by: Čestmír Kalina <[email protected]> Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#19433)

This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402f84 in my_malloc fuzz/test-corpus.c:114 #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 openssl#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 openssl#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 openssl#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 openssl#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#26 0x402afb in testfile fuzz/test-corpus.c:182 openssl#27 0x402656 in main fuzz/test-corpus.c:226 openssl#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756) ================================================================= ==12221==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440 #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#22 0x402afb in testfile fuzz/test-corpus.c:182 openssl#23 0x402656 in main fuzz/test-corpus.c:226 openssl#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) Indirect leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 openssl#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#23 0x402afb in testfile fuzz/test-corpus.c:182 openssl#24 0x402656 in main fuzz/test-corpus.c:226 openssl#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Kurt Roeckx <[email protected]> (Merged from openssl#18632)

This was found by my Reproducible Error Injection patch (openssl#18356) Due to the exact location of the injected memory error the sha256 digest is missing, and this causes much later the memory leak (and a failed assertion) in tls13_generate_secret. But the reproduction is a bit challenging, as it requires AESNI and RDRAND capability. OPENSSL_ia32cap=0x4200000000000000 ERROR_INJECT=1657070330 ../util/shlib_wrap.sh ./client-test ./corpora/client/791afc153e17db072175eeef85385a38d7f6d194 #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 openssl#6 0x7fceaf9c6b97 in openssl_add_all_digests_int crypto/evp/c_alld.c:39 openssl#7 0x7fceafa0f8ec in ossl_init_add_all_digests crypto/init.c:275 openssl#8 0x7fceafa0f8ec in ossl_init_add_all_digests_ossl_ crypto/init.c:264 openssl#9 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 openssl#10 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 openssl#11 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:677 openssl#12 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:611 openssl#13 0x7fceafdad3e8 in OPENSSL_init_ssl ssl/ssl_init.c:190 openssl#14 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 openssl#15 0x55fb9117e939 in main fuzz/test-corpus.c:194 openssl#16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 openssl#17 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 openssl#6 0x7fceafdad328 in ossl_init_ssl_base ssl/ssl_init.c:87 openssl#7 0x7fceafdad328 in ossl_init_ssl_base_ossl_ ssl/ssl_init.c:24 openssl#8 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 openssl#9 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 openssl#10 0x7fceafdad412 in OPENSSL_init_ssl ssl/ssl_init.c:193 openssl#11 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 openssl#12 0x55fb9117e939 in main fuzz/test-corpus.c:194 openssl#13 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 openssl#14 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) ================================================================= ==1320996==ERROR: LeakSanitizer: detected memory leaks Direct leak of 80 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fceafa03a85 in int_ctx_new crypto/evp/pmeth_lib.c:144 #3 0x7fceafa03a85 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 #4 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 #5 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 openssl#6 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 openssl#7 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 openssl#8 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 openssl#9 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 openssl#10 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 openssl#11 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 openssl#12 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#13 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 openssl#14 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 openssl#15 0x55fb9117eb92 in main fuzz/test-corpus.c:226 openssl#16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 Indirect leak of 1080 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fceafa11555 in pkey_hkdf_init crypto/kdf/hkdf.c:51 #3 0x7fceafa03b36 in int_ctx_new crypto/evp/pmeth_lib.c:160 #4 0x7fceafa03b36 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 #5 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 openssl#6 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 openssl#7 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 openssl#8 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 openssl#9 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 openssl#10 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 openssl#11 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 openssl#12 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 openssl#13 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#14 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 openssl#15 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 openssl#16 0x55fb9117eb92 in main fuzz/test-corpus.c:226 openssl#17 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 1160 byte(s) leaked in 2 allocation(s). Reviewed-by: Todd Short <[email protected]> Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Hugo Landau <[email protected]> (Merged from openssl#18725)

FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of the hash function output block (in bytes)." Introduce a new option RSA_PSS_SALTLEN_AUTO_DIGEST_MAX and make it the default. The new value will behave like RSA_PSS_SALTLEN_AUTO, but will not use more than the digest length when signing, so that FIPS 186-4 is not violated. This value has two advantages when compared with RSA_PSS_SALTLEN_DIGEST: (1) It will continue to do auto-detection when verifying signatures for maximum compatibility, where RSA_PSS_SALTLEN_DIGEST would fail for other digest sizes. (2) It will work for combinations where the maximum salt length is smaller than the digest size, which typically happens with large digest sizes (e.g., SHA-512) and small RSA keys. J.-S. Coron shows in "Optimal Security Proofs for PSS and Other Signature Schemes. Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pp. 272 – 287. Springer Verlag, 2002." that longer salts than the output size of modern hash functions do not increase security: "For example,for an application in which at most one billion signatures will be generated, k0 = 30 bits of random salt are actually sufficient to guarantee the same level of security as RSA, and taking a larger salt does not increase the security level." Signed-off-by: Clemens Lang <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#19724)

FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of the hash function output block (in bytes)." Introduce a new option RSA_PSS_SALTLEN_AUTO_DIGEST_MAX and make it the default. The new value will behave like RSA_PSS_SALTLEN_AUTO, but will not use more than the digest length when signing, so that FIPS 186-4 is not violated. This value has two advantages when compared with RSA_PSS_SALTLEN_DIGEST: (1) It will continue to do auto-detection when verifying signatures for maximum compatibility, where RSA_PSS_SALTLEN_DIGEST would fail for other digest sizes. (2) It will work for combinations where the maximum salt length is smaller than the digest size, which typically happens with large digest sizes (e.g., SHA-512) and small RSA keys. J.-S. Coron shows in "Optimal Security Proofs for PSS and Other Signature Schemes. Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pp. 272 – 287. Springer Verlag, 2002." that longer salts than the output size of modern hash functions do not increase security: "For example,for an application in which at most one billion signatures will be generated, k0 = 30 bits of random salt are actually sufficient to guarantee the same level of security as RSA, and taking a larger salt does not increase the security level." Signed-off-by: Clemens Lang <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (cherry picked from commit 6c73ca4) (Merged from openssl#19862)

When running test_quicapi on master on a Fedora 38 with santizier, a stack use-after-free is reported: ``` 75-test_quicapi.t .. ================================================================= ==28379==ERROR: AddressSanitizer: stack-use-after-return on address 0x03ffa22a2961 at pc 0x03ffa507384a bp 0x03fffb576d68 sp 0x03fffb576550 READ of size 8 at 0x03ffa22a2961 thread T0 #0 0x3ffa5073849 in memcpy (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c) #1 0x118b883 in tls_handle_alpn ssl/statem/statem_srvr.c:2221 #2 0x111569d in tls_parse_all_extensions ssl/statem/extensions.c:813 #3 0x118e2bf in tls_early_post_process_client_hello ssl/statem/statem_srvr.c:1957 #4 0x118e2bf in tls_post_process_client_hello ssl/statem/statem_srvr.c:2290 #5 0x113d797 in read_state_machine ssl/statem/statem.c:712 openssl#6 0x113d797 in state_machine ssl/statem/statem.c:478 openssl#7 0x10729f3 in SSL_do_handshake ssl/ssl_lib.c:4669 openssl#8 0x11cec2d in ossl_quic_tls_tick ssl/quic/quic_tls.c:717 openssl#9 0x11afb03 in ch_tick ssl/quic/quic_channel.c:1296 openssl#10 0x10cd1a9 in ossl_quic_reactor_tick ssl/quic/quic_reactor.c:79 openssl#11 0x10d948b in ossl_quic_tserver_tick ssl/quic/quic_tserver.c:160 openssl#12 0x1021ead in qtest_create_quic_connection test/helpers/quictestlib.c:273 openssl#13 0x102b81d in test_quic_write_read test/quicapitest.c:54 openssl#14 0x12035a9 in run_tests test/testutil/driver.c:370 openssl#15 0x1013203 in main test/testutil/main.c:30 openssl#16 0x3ffa463262b in __libc_start_call_main (/usr/lib64/libc.so.6+0x3262b) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e) openssl#17 0x3ffa463272d in __libc_start_main_impl (/usr/lib64/libc.so.6+0x3272d) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e) openssl#18 0x101efb9 (/root/openssl/test/quicapitest+0x101efb9) (BuildId: 075e387adf6d0032320aaa18061f13e9565ab481) Address 0x03ffa22a2961 is located in stack of thread T0 at offset 33 in frame #0 0x10d868f in alpn_select_cb ssl/quic/quic_tserver.c:49 This frame has 1 object(s): [32, 41) 'alpn' (line 50) <== Memory access at offset 33 is inside this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c) in memcpy Shadow bytes around the buggy address: 0x03ffa22a2680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2800: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2880: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x03ffa22a2900: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5 0x03ffa22a2980: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2a00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2a80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2b00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2b80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==28379==ABORTING ../../util/wrap.pl ../../test/quicapitest default ../../test/default.cnf ../../test/certs => 1 not ok 1 - running quicapitest ``` Fix this be making the protocols to select static constants and thereby moving them out of the stack frame of the callback function. Signed-off-by: Juergen Christ <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#20904)

…STRINGS) A recursive OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) call may happen if an out-of-memory error happens at the first callstack, and the dead-lock happens at the second callstack, because ossl_err_get_state_int calls OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) although that call is currently already executing. At least on posix system this causes the process to freeze at this point, and must be avoided whatever it takes. The fix is using err_shelve_state around the critical region, which makes ossl_err_get_state_int return early and not call the recursive OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS). This can be reproduced with my error injection patch. The test vector has been validated on the master branch: $ ERROR_INJECT=1692279870 ../util/shlib_wrap.sh ./asn1parse-test ./corpora/asn1parse/027f6e82ba01d9db9a9167b83e56cc9f2c602550 ERROR_INJECT=1692279870 #0 0x7f280b42fef8 in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cpp:86 #1 0x5610a3f396b4 in my_malloc fuzz/test-corpus.c:114 #2 0x7f280a2eb94c in CRYPTO_malloc crypto/mem.c:177 #3 0x7f280a2dafdb in OPENSSL_LH_insert crypto/lhash/lhash.c:114 #4 0x7f280a1c87fe in err_load_strings crypto/err/err.c:264 #5 0x7f280a1c87fe in err_load_strings crypto/err/err.c:259 openssl#6 0x7f280a1c87fe in ERR_load_strings_const crypto/err/err.c:301 openssl#7 0x7f280a6f513b in ossl_err_load_PROV_strings providers/common/provider_err.c:233 openssl#8 0x7f280a1cf015 in ossl_err_load_crypto_strings crypto/err/err_all.c:109 openssl#9 0x7f280a2e9b8c in ossl_init_load_crypto_strings crypto/init.c:190 openssl#10 0x7f280a2e9b8c in ossl_init_load_crypto_strings_ossl_ crypto/init.c:181 openssl#11 0x7f2808cfbf67 (/lib/x86_64-linux-gnu/libc.so.6+0x99f67) openssl#12 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154 openssl#13 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553 openssl#14 0x5610a3f38e2f in FuzzerInitialize fuzz/asn1parse.c:29 openssl#15 0x5610a3f38783 in main fuzz/test-corpus.c:194 openssl#16 0x7f2808c8bd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) openssl#17 0x7f2808c8be3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) openssl#18 0x5610a3f38d34 in _start (/home/runner/work/openssl/openssl/fuzz/asn1parse-test+0x3d34) AddressSanitizer:DEADLYSIGNAL ================================================================= ==27629==ERROR: AddressSanitizer: ABRT on unknown address 0x03e900006e23 (pc 0x7f2808cfbef8 bp 0x7f280b36afe0 sp 0x7ffd545b2460 T0) #0 0x7f2808cfbef8 (/lib/x86_64-linux-gnu/libc.so.6+0x99ef8) #1 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154 #2 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553 #3 0x7f280a1c935e in ossl_err_get_state_int crypto/err/err.c:705 #4 0x7f280a1cf1f9 in ERR_new crypto/err/err_blocks.c:20 #5 0x7f280a2eb9ac in CRYPTO_malloc crypto/mem.c:205 openssl#6 0x7f280a2dafdb in OPENSSL_LH_insert crypto/lhash/lhash.c:114 openssl#7 0x7f280a1c87fe in err_load_strings crypto/err/err.c:264 openssl#8 0x7f280a1c87fe in err_load_strings crypto/err/err.c:259 openssl#9 0x7f280a1c87fe in ERR_load_strings_const crypto/err/err.c:301 openssl#10 0x7f280a6f513b in ossl_err_load_PROV_strings providers/common/provider_err.c:233 openssl#11 0x7f280a1cf015 in ossl_err_load_crypto_strings crypto/err/err_all.c:109 openssl#12 0x7f280a2e9b8c in ossl_init_load_crypto_strings crypto/init.c:190 openssl#13 0x7f280a2e9b8c in ossl_init_load_crypto_strings_ossl_ crypto/init.c:181 openssl#14 0x7f2808cfbf67 (/lib/x86_64-linux-gnu/libc.so.6+0x99f67) openssl#15 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154 openssl#16 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553 openssl#17 0x5610a3f38e2f in FuzzerInitialize fuzz/asn1parse.c:29 openssl#18 0x5610a3f38783 in main fuzz/test-corpus.c:194 openssl#19 0x7f2808c8bd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) openssl#20 0x7f2808c8be3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) openssl#21 0x5610a3f38d34 in _start (/home/runner/work/openssl/openssl/fuzz/asn1parse-test+0x3d34) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x99ef8) ==27629==ABORTING Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#21683)

fake_now in the quictestlib is read/written by potentially many threads, and as such should have a surrounding lock to prevent WAR/RAW errors as caught by tsan: 2023-11-03T16:27:23.7184999Z ================== 2023-11-03T16:27:23.7185290Z WARNING: ThreadSanitizer: data race (pid=18754) 2023-11-03T16:27:23.7185720Z Read of size 8 at 0x558f6f9fe970 by main thread: 2023-11-03T16:27:23.7186726Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7187665Z #1 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7188567Z #2 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7189561Z #3 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190294Z #4 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190720Z 2023-11-03T16:27:23.7190902Z Previous write of size 8 at 0x558f6f9fe970 by thread T1: 2023-11-03T16:27:23.7191607Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aecf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7192505Z #1 run_server_thread quictestlib.c (quicapitest+0x14b1d6) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193361Z #2 thread_run quictestlib.c (quicapitest+0x14cadf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193848Z 2023-11-03T16:27:23.7194220Z Location is global 'fake_now.0' of size 8 at 0x558f6f9fe970 (quicapitest+0x1af4970) 2023-11-03T16:27:23.7194636Z 2023-11-03T16:27:23.7194816Z Thread T1 (tid=18760, running) created by main thread at: 2023-11-03T16:27:23.7195465Z #0 pthread_create <null> (quicapitest+0xca12d) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7196317Z #1 qtest_create_quic_connection_ex <null> (quicapitest+0x14adcb) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7197214Z #2 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198111Z #3 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198940Z #4 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7199661Z #5 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7200083Z 2023-11-03T16:27:23.7200862Z SUMMARY: ThreadSanitizer: data race (/home/runner/work/openssl/openssl/test/quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) in qtest_create_quic_connection_ex Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#22616)

Sometimes the error handling returns an ASN1_STRING object in *out although that was not passed in by the caller, and sometimes the error handling deletes the ASN1_STRING but forgets to clear the *out parameter. Therefore the caller has no chance to know, if the leaked object in *out shall be deleted or not. This may cause a use-after-free error e.g. in asn1_str2type: ==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0 READ of size 8 at 0x603000073280 thread T0 #0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354 #1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204 #2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199 #3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20 #4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740 #5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137 openssl#6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 openssl#7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 openssl#8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 openssl#9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 openssl#10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 openssl#11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 openssl#12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 openssl#13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 openssl#14 0x564ed19d5f25 in req_main apps/req.c:806 openssl#15 0x564ed19b8de0 in do_cmd apps/openssl.c:564 openssl#16 0x564ed1985165 in main apps/openssl.c:183 openssl#17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 openssl#18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd) 0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288) freed by thread T0 here: #0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 #1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311 #2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300 #3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191 #4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 openssl#6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 openssl#7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 openssl#8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 openssl#9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 openssl#10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 openssl#11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 openssl#12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 openssl#13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 openssl#14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 openssl#15 0x564ed19d5f25 in req_main apps/req.c:806 openssl#16 0x564ed19b8de0 in do_cmd apps/openssl.c:564 openssl#17 0x564ed1985165 in main apps/openssl.c:183 openssl#18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221 #2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198 #3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236 #4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150 openssl#6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 openssl#7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 openssl#8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 openssl#9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 openssl#10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 openssl#11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 openssl#12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 openssl#13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 openssl#14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 openssl#15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 openssl#16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 openssl#17 0x564ed19d5f25 in req_main apps/req.c:806 openssl#18 0x564ed19b8de0 in do_cmd apps/openssl.c:564 openssl#19 0x564ed1985165 in main apps/openssl.c:183 openssl#20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 Reviewed-by: Paul Yang <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23138)

ubsan on clang17 has started warning about the following undefined behavior: crypto/lhash/lhash.c:299:12: runtime error: call to function err_string_data_hash through pointer to incorrect function type 'unsigned long (*)(const void *)' [...]/crypto/err/err.c:184: note: err_string_data_hash defined here #0 0x7fa569e3a434 in getrn [...]/crypto/lhash/lhash.c:299:12 #1 0x7fa569e39a46 in OPENSSL_LH_insert [...]/crypto/lhash/lhash.c:119:10 #2 0x7fa569d866ee in err_load_strings [...]/crypto/err/err.c:280:15 [...] The issue occurs because, the generic hash functions (OPENSSL_LH_*) will occasionaly call back to the type specific registered functions for hash generation/comparison/free/etc, using functions of the (example) prototype: [return value] <hash|cmp|free> (void *, [void *], ...) While the functions implementing hash|cmp|free|etc are defined as [return value] <fnname> (TYPE *, [TYPE *], ...) The compiler, not knowing the type signature of the function pointed to by the implementation, performs no type conversion on the function arguments While the C language specification allows for pointers to data of one type to be converted to pointers of another type, it does not allow for pointers to functions with one signature to be called while pointing to functions of another signature. Compilers often allow this behavior, but strictly speaking it results in undefined behavior As such, ubsan warns us about this issue This is an potential fix for the issue, implemented using, in effect, thunking macros. For each hash type, an additional set of wrapper funtions is created (currently for compare and hash, but more will be added for free/doall/etc). The corresponding thunking macros for each type cases the actuall corresponding callback to a function pointer of the proper type, and then calls that with the parameters appropriately cast, avoiding the ubsan warning This approach is adventageous as it maintains a level of type safety, but comes at the cost of having to implement several additional functions per hash table type. Related to openssl#22896 Reviewed-by: Sasa Nedvedicky <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#23192)

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 #2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 #3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 #4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 #5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 openssl#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 openssl#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 openssl#8 0x555c5f528537 in req_main apps/req.c:683 openssl#9 0x555c5f50e315 in do_cmd apps/openssl.c:426 openssl#10 0x555c5f4c5575 in main apps/openssl.c:307 openssl#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s). Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23365) (cherry picked from commit ff78d94)

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 #2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 #3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 #4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 #5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 openssl#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 openssl#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 openssl#8 0x555c5f528537 in req_main apps/req.c:683 openssl#9 0x555c5f50e315 in do_cmd apps/openssl.c:426 openssl#10 0x555c5f4c5575 in main apps/openssl.c:307 openssl#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s). Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23365)

fake_now in the quictestlib is read/written by potentially many threads, and as such should have a surrounding lock to prevent WAR/RAW errors as caught by tsan: 2023-11-03T16:27:23.7184999Z ================== 2023-11-03T16:27:23.7185290Z WARNING: ThreadSanitizer: data race (pid=18754) 2023-11-03T16:27:23.7185720Z Read of size 8 at 0x558f6f9fe970 by main thread: 2023-11-03T16:27:23.7186726Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7187665Z #1 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7188567Z #2 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7189561Z #3 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190294Z #4 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190720Z 2023-11-03T16:27:23.7190902Z Previous write of size 8 at 0x558f6f9fe970 by thread T1: 2023-11-03T16:27:23.7191607Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aecf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7192505Z #1 run_server_thread quictestlib.c (quicapitest+0x14b1d6) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193361Z #2 thread_run quictestlib.c (quicapitest+0x14cadf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193848Z 2023-11-03T16:27:23.7194220Z Location is global 'fake_now.0' of size 8 at 0x558f6f9fe970 (quicapitest+0x1af4970) 2023-11-03T16:27:23.7194636Z 2023-11-03T16:27:23.7194816Z Thread T1 (tid=18760, running) created by main thread at: 2023-11-03T16:27:23.7195465Z #0 pthread_create <null> (quicapitest+0xca12d) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7196317Z #1 qtest_create_quic_connection_ex <null> (quicapitest+0x14adcb) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7197214Z #2 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198111Z #3 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198940Z #4 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7199661Z #5 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7200083Z 2023-11-03T16:27:23.7200862Z SUMMARY: ThreadSanitizer: data race (/home/runner/work/openssl/openssl/test/quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) in qtest_create_quic_connection_ex Reviewed-by: Hugo Landau <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#22616) (cherry picked from commit 11179b3)

Sometimes the error handling returns an ASN1_STRING object in *out although that was not passed in by the caller, and sometimes the error handling deletes the ASN1_STRING but forgets to clear the *out parameter. Therefore the caller has no chance to know, if the leaked object in *out shall be deleted or not. This may cause a use-after-free error e.g. in asn1_str2type: ==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0 READ of size 8 at 0x603000073280 thread T0 #0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354 #1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204 #2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199 #3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20 #4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740 #5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137 openssl#6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 openssl#7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 openssl#8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 openssl#9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 openssl#10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 openssl#11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 openssl#12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 openssl#13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 openssl#14 0x564ed19d5f25 in req_main apps/req.c:806 openssl#15 0x564ed19b8de0 in do_cmd apps/openssl.c:564 openssl#16 0x564ed1985165 in main apps/openssl.c:183 openssl#17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 openssl#18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd) 0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288) freed by thread T0 here: #0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 #1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311 #2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300 #3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191 #4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 openssl#6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 openssl#7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 openssl#8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 openssl#9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 openssl#10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 openssl#11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 openssl#12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 openssl#13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 openssl#14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 openssl#15 0x564ed19d5f25 in req_main apps/req.c:806 openssl#16 0x564ed19b8de0 in do_cmd apps/openssl.c:564 openssl#17 0x564ed1985165 in main apps/openssl.c:183 openssl#18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221 #2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198 #3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236 #4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150 openssl#6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 openssl#7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 openssl#8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 openssl#9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 openssl#10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 openssl#11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 openssl#12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 openssl#13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 openssl#14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 openssl#15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 openssl#16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 openssl#17 0x564ed19d5f25 in req_main apps/req.c:806 openssl#18 0x564ed19b8de0 in do_cmd apps/openssl.c:564 openssl#19 0x564ed1985165 in main apps/openssl.c:183 openssl#20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 Reviewed-by: Paul Yang <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23138) (cherry picked from commit 73ebaac)

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 #2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 #3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 #4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 #5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 openssl#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 openssl#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 openssl#8 0x555c5f528537 in req_main apps/req.c:683 openssl#9 0x555c5f50e315 in do_cmd apps/openssl.c:426 openssl#10 0x555c5f4c5575 in main apps/openssl.c:307 openssl#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s). Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23365) (cherry picked from commit ff78d94)

The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) #2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) openssl#8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24295) (cherry picked from commit af75373)

The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) #2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) openssl#8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24295)

The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) #2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) openssl#8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24295) (cherry picked from commit af75373)

t8m added 4 commits May 11, 2021 17:18

Add checksums github CI action

d07d511

fixup! Add checksums github CI action

c15d8bb

fipsprov: Missing teardown on fips_get_params_from_core() error

b62b360

Set the severity: fips change label if fips checksum changed

63e662e

github-actions bot added the severity: fips change The pull request changes FIPS provider sources label May 11, 2021

t8m removed the severity: fips change The pull request changes FIPS provider sources label May 11, 2021

t8m added 2 commits May 11, 2021 18:19

fixup! Set the severity: fips change label if fips checksum changed

ba29e2b

fixup! Set the severity: fips change label if fips checksum changed

8f51e02

t8m force-pushed the fips-checksums branch from 2b78c94 to 8f51e02 Compare May 11, 2021 16:28

github-actions bot added the severity: fips change The pull request changes FIPS provider sources label May 11, 2021

t8m mentioned this pull request May 11, 2021

Separate fips checksums from make update and apply label on PRs openssl/openssl#15229

Closed

t8m added 2 commits May 12, 2021 08:55

fixup! Add checksums github CI action

b51c85a

Remove the severity: fips change label if fips checksum unchanged

f4fffe9

github-actions bot removed the severity: fips change The pull request changes FIPS provider sources label May 12, 2021

t8m force-pushed the fips-checksums branch from bc770eb to f4fffe9 Compare May 12, 2021 07:08

github-actions bot added the severity: fips change The pull request changes FIPS provider sources label May 12, 2021

Allow diff-fips-checksums in in-tree build

20a6705

t8m closed this May 13, 2021

t8m deleted the fips-checksums branch May 11, 2022 14:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fips checksums #1

Fips checksums #1

t8m commented May 11, 2021

Fips checksums #1

Fips checksums #1

Conversation

t8m commented May 11, 2021

Checklist