[openssl-dev] Fwd: latest OpenSSL causes OpenSMTPD to segv

Richard Levitte levitte at openssl.org
Mon Feb 1 23:39:40 UTC 2016 

In message <20160201231650.GF4987 at mournblade.imrryr.org> on Mon, 1 Feb 2016 23:16:50 +0000, Viktor Dukhovni <openssl-users at dukhovni.org> said:

openssl-users> On Mon, Feb 01, 2016 at 10:52:56PM +0000, Viktor Dukhovni wrote:
openssl-users> 
openssl-users> > The only thing I see that's plausibly pertinent is:
openssl-users> > 
openssl-users> > commit 6656ba7152dfe4bba865e327dd362ea08544aa80
openssl-users> > Author: Dr. Stephen Henson <steve at openssl.org>
openssl-users> > Date:   Sun Dec 20 18:18:43 2015 +0000
openssl-users> > 
openssl-users> >     Don't check RSA_FLAG_SIGN_VER.
openssl-users> > 
openssl-users> >     Reviewed-by: Richard Levitte <levitte at openssl.org>
openssl-users> > 
openssl-users> 
openssl-users> This is related to:
openssl-users> 
openssl-users>     commit 1c80019a2c8f59410552197723829fd72ab45a5e
openssl-users>     Author: Dr. Stephen Henson <steve at openssl.org>
openssl-users>     Date:   Sat Sep 18 22:37:44 1999 +0000
openssl-users> 
openssl-users> 	Add new sign and verify members to RSA_METHOD and change SSL code to use sign
openssl-users> 	and verify rather than direct encrypt/decrypt.
openssl-users> 
openssl-users> Which was already present in 0.9.7.  Thus, presumably engines have
openssl-users> been expected to implement the "new" methods, if they were ported
openssl-users> to OpenSSL 0.9.7 or later.
openssl-users> 
openssl-users> It seems that perhaps the need to implemnt sign/verify and not just
openssl-users> encrypt/decrypt has not been communicated to the engine maintainers.
openssl-users> 
openssl-users> The master branch has:
openssl-users> 
openssl-users>     commit 19c6d3ea2d3b4e0ad3e978e42cc7cbdf0c09891f
openssl-users>     Author: Dr. Stephen Henson <steve at openssl.org>
openssl-users>     Date:   Wed Dec 2 14:30:39 2015 +0000
openssl-users> 
openssl-users> 	Remove RSA_FLAG_SIGN_VER flag.
openssl-users> 
openssl-users> 	Remove RSA_FLAG_SIGN_VER: this was origininally used to retain binary
openssl-users> 	compatibility after RSA_METHOD was extended to include rsa_sign and
openssl-users> 	rsa_verify fields. It is no longer needed.
openssl-users> 
openssl-users> 	Reviewed-by: Richard Levitte <levitte at openssl.org>
openssl-users> 
openssl-users> And while indeed the structure has been stable with sign/verify
openssl-users> methods for ages, engines that don't implement sign/verify may well
openssl-users> exist, so dropping the flag check can break some engines.

Hold on a minute...  there is a test that the function pointer is
assigned:

    if (rsa->meth->rsa_sign) {
        return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
    }

So what I can conclude without looking is that one of two things have
happened:

1. the RSA_METHOD hasn't been fully initialised, so the rsa_sign
   pointer is garbage.

2. the function that rsa_sign points as is faulty in some way, but has
   never been called before now because there was no RSA_FLAG_SIGN_VER
   bit present.

I just downloaded the latest portable OpenSMTPD and am noticing that
rsa_sign, rsa_verify and rsa_keygen are filled in (with rsae_sign,
rsae_verify and rsae_keygen), but that there are no bits at all
assigned to the flags field.  As far as I can see, this means that
these functions have never been called...  before now.

Ref: opensmtpd-5.7.3p1.tar.gz, smtpd/ca.c

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-dev mailing list