[openssl-dev] [openssl.org #4467] SSL_Connect crashed

Tiantian Liu via RT rt at openssl.org
Mon Mar 21 15:51:00 UTC 2016


Hi,
Good morning everyone!

I have an issue about OpenSSL.
I installed OpenSSL-1.0.1p on a 32-bit Linux machine.

Our application uses the OpenSSL library to communicate with other hosts over TLS1.2 protocol.
The OpenSSL library has been working for us pretty well, until last Friday one developer told me our application crashed whenever it called SSL_Connect().
I was shocked, I don't know why OpenSSL library stopped working suddenly.


I changed the protocol to SSLv23, then our application didn't crash anymore and communicated with host well.
But if I change back to TLS1.2, the application crashed again at the place where SSL_Connect() was called.

I am pretty sure, the does support TLS1.2 and it used to work. I also use the openssl command successfully established connection to peer over TLS1.2:

#openssl s_client -connect 71.6.108.188:443
........
........
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA
    Session-ID: 56F011C1586C3FD0D406FD908012B47501CF06748182A738424120C90A15E646
    Session-ID-ctx:
    Master-Key: 7C12A5E358194A350AE990BCF1C1DA3606D8E46F3DDCEFCAADD6724B72D9FB0DD802616255FC0DFFB7898C56F1FDAEBC
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1458573627
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
.........

I used GDB to investigate the issue in our source code, GDB printed all the fields in SSL structure passed into SSL_Connect():
(gdb) n
562                     res = SSL_connect(ssl);
(gdb) print *ssl
$3 = {version = 771, type = 0, method = 0x860520, rbio = 0x9a28588, wbio = 0x9a28588, bbio = 0x0, rwstate = 1, in_handshake = 0, handshake_func = 0, server = 1, new_session = 0,
  quiet_shutdown = 0, shutdown = 0, state = 24576, rstate = 240, init_buf = 0x0, init_msg = 0x0, init_num = 0, init_off = 0, packet = 0x0, packet_length = 0, s2 = 0x0, s3 = 0x9a286b0,
  d1 = 0x0, read_ahead = 0, msg_callback = 0, msg_callback_arg = 0x0, hit = 0, param = 0x9a28688, cipher_list = 0x0, cipher_list_by_id = 0x0, mac_flags = 0, enc_read_ctx = 0x0,
  read_hash = 0x0, expand = 0x0, enc_write_ctx = 0x0, write_hash = 0x0, compress = 0x9a29120, cert = 0x0, sid_ctx_length = 0, sid_ctx = '\0' <repeats 31 times>, session = 0x0,
  generate_session_id = 0, verify_mode = 0, verify_callback = 0, info_callback = 0, error = 0, error_code = 161704456, psk_client_callback = 0, psk_server_callback = 0, ctx = 0x0,
  debug = 0, verify_result = 0, ex_data = {sk = 0x1, dummy = 0}, client_CA = 0x0, references = 102400, options = 0, mode = 771, max_cert_list = 0, first_packet = 0, client_version = 0,
  max_send_fragment = 0, tlsext_debug_cb = 0xffffffff, tlsext_debug_arg = 0x0, tlsext_hostname = 0x0, servername_done = 0, tlsext_status_type = 0, tlsext_status_expected = -1,
  tlsext_ocsp_ids = 0x0, tlsext_ocsp_exts = 0x9a36a08, tlsext_ocsp_resp = 0x8622c0 "\001", tlsext_ocsp_resplen = 73, tlsext_ticket_expected = 4780448, tlsext_ecpointformatlist_length = 0,
  tlsext_ecpointformatlist = 0x0, tlsext_ellipticcurvelist_length = 1, tlsext_ellipticcurvelist = 0x0, tlsext_opaque_prf_input = 0x0, tlsext_opaque_prf_input_len = 0,
  tlsext_session_ticket = 0x6, tls_session_ticket_ext_cb = 0, tls_session_ticket_ext_cb_arg = 0x0, tls_session_secret_cb = 0, tls_session_secret_cb_arg = 0x1, initial_ctx = 0x0,
  next_proto_negotiated = 0x0, next_proto_negotiated_len = 0 '\0', srtp_profiles = 0x0, srtp_profile = 0x0, tlsext_heartbeat = 137, tlsext_hb_pending = 14406096, tlsext_hb_seq = 14406096,
  renegotiate = 0, srp_ctx = {SRP_cb_arg = 0x0, TLS_ext_srp_username_callback = 0, SRP_verify_param_callback = 0, SRP_give_srp_client_pwd_callback = 0,
    login = 0x44454c4c <Address 0x44454c4c out of bounds>, N = 0x9a285f8, g = 0x61, s = 0x9a29820, B = 0xdbd150, A = 0x0, a = 0x4, b = 0x18, v = 0x18, info = 0x9a298d0 "", strength = 0,
    srp_Mask = 0}}
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0x008283cc in ssl3_connect () from /usr/lib/libssl.so.1.0.0
(gdb) quit

The SSL structure was returned by SSL_new(), and we didn't touch the SSL structure before we calling SSL_Connect().
The only suspicious value I found is the  'out of bounds' error upon 'login' field. But I don't think it caused the crash.
Because I also printed  SSL structure after I changed to SSLv23 protocol. I also found there were a number of 'out of bounds' errors happened, but no crash.

P.S: I re-compiled the same source code on 64-bit Linux machine, which has different OpenSSL version, and I confirm our application works fine with TLS1.2, no crash at all.
Could you tell me what probably happened?
Any recommendation is welcome!

Thanks,
Tyer
[Acceo Solutions]

Tiantian(Tyler) Liu
Analyste Programmeur | Programmer Analyst
Tender Retail
ACCEO Solutions Inc.

416-498-1200 ext. 301
Suite 400 - 2 Lansing Square Toronto, Ontario, Canada M2J 4P8
acceo.com<http://www.acceo.com/>






-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4467
Please log in as guest with password guest if prompted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 14459 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160321/41183a9a/attachment-0001.jpg>


More information about the openssl-dev mailing list