[openssl-dev] [openssl.org #4611] PKCS12_create() not thread-safe for ECDSA

Matt Slot via RT rt at openssl.org
Sun Jul 10 19:38:03 UTC 2016 

OpenSSL 1.0.2h

The function eckey_priv_encode() may crash if the same pkey is serialized from multiple threads. Here is a sample backtrace:

#0 0x00007fff8f321f92 in _platform_memmove$VARIANT$Haswell ()
#1 0x0000000100196132 in i2c_ASN1_BIT_STRING
#2 0x00000001001a1fb2 in asn1_ex_i2c
#3 0x00000001001a1e68 in asn1_i2d_ex_primitive
#4 0x00000001001a19fd in ASN1_item_ex_i2d
#5 0x00000001001a1d8b in asn1_template_ex_i2d
#6 0x00000001001a1a8b in ASN1_item_ex_i2d
#7 0x00000001001a16d0 in asn1_item_flags_i2d
#8 0x0000000100149d3e in i2d_ECPrivateKey
#9 0x000000010014e576 in eckey_priv_encode
#10 0x000000010018e9f9 in EVP_PKEY2PKCS8_broken
#11 0x00000001001d38d9 in PKCS12_add_key
#12 0x00000001001d35a3 in PKCS12_create

EC_KEY_set_enc_flags() is called to modify/restore the encoding flags within the EC_KEY. Two calls are made to i2d_ECPrivateKey(). The first calculates the necessary buffer length, the second serializes the data into an allocated buffer. If the flags change during this period, the second call overwrites the buffer.

These APIs are documented as thread safe, and should not change the internal flags of the pkey without proper locking.

Matt Slot
Principal Software Engineer

Barracuda Networks, Inc.
317 Maynard St. Ann Arbor, MI 48104
o: 734-887-2481<tel:734-887-2481>  | m: 517-667-6243<tel:517-667-6243> | mslot at barracuda.com<mailto:mslot at barracuda.com>
Connect with us: barracuda.com/connect<http://www.barracuda.com/connect>

[cid:CA69E95D-A573-47F4-A2D6-4E3B56C36852]


===========================================================


Considering Office 365?  Barracuda security and storage solutions can help. Learn more about Barracuda solutions for Office 365 at http://barracuda.com/office365.

DISCLAIMER:
This e-mail and any attachments to it contain confidential and proprietary material of Barracuda, its affiliates or agents, and is solely for the use of the intended recipient. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed.


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4611
Please log in as guest with password guest if prompted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 36C30E00-6397-462F-94DD-A75A9D1A6C05.png
Type: image/png
Size: 4106 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160710/cd28f380/attachment-0001.png>

More information about the openssl-dev mailing list