Random and rare Seg faults at openssl library level

Gimhani Uthpala gimhanieuthpala at gmail.com
Thu Jan 7 22:49:03 UTC 2021


On Thu, Jan 7, 2021 at 1:51 PM Jan Just Keijser <janjust at nikhef.nl> wrote:

> Hi,
>
> On 06/01/21 18:10, Gimhani Uthpala wrote:
>
> Dear team,
> I'm running an application which uses openssl for secure communication
> between processes. I am getting seg-faults at openssl level. This only
> occurred very randomly and the following are stacks that seg faults at
> openssl level in the given 2 cases. We are using openssl 1.0.2k.
>
> version 1.0.2k suggests you are using RHEL7/CentOS 7, correct?
>

Yes, I am using RHEL7 and using its openssl version 1.0.2k-fips.


> Went through the security vulnerabilities list for this version but
> couldn't find a clue. Running valgrind too didn't give an exact clue
> related to the issue. Can you please guide me on how I can find the exact root
> cause for the seg fault?
>
> I am calling SSL_do_handshake(ssl_ctx) from my code level and both the
> below seg faults are occurring from inside it.
>
> #0  0x00007fd64cdabdd3 in ASN1_item_verify () from /lib64/libcrypto.so.10
> #1  0x00007fd64cdcac58 in internal_verify () from /lib64/libcrypto.so.10
> #2  0x00007fd64cdccaef in X509_verify_cert () from /lib64/libcrypto.so.10
> #3  0x00007fd64d111c68 in ssl_verify_cert_chain () from /lib64/libssl.so.10
> #4  0x00007fd64d0e8cc6 in ssl3_get_client_certificate () from /lib64/libssl.so.10
> #5  0x00007fd64d0ea3f8 in ssl3_accept () from /lib64/libssl.so.10
>
>
> so the segfault occurs inside ASN1_item_verify () when verifying the
> certificate - it could be a malformed certificate with invalid ASN1
> encoding; do you have the certificate that causes the segfault?
>

> If you do not, then it is worthwhile recording/storing all certificates
> until you find the one that causes the segfault and then examine it.
>

I do not have access to the certificate that caused the segfault. Will try to
record all certs to check this. Thanks.


>
>
> HTH,
>
> JJK
>
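
An added example, not part of the thread and not OpenSSL code: one way to triage certificates once they have been recorded, by strictly checking the outer DER framing of each one (`Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }`) and reporting the first encoding problem. It assumes the recorded certificates are stored as raw DER files; `check_file` and the sample bytes are hypothetical names and constructed data.

```python
def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated header at offset %d" % off)
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if tag & 0x1F == 0x1F:
        raise ValueError("unexpected high-tag-number form at offset %d" % off)
    if first < 0x80:                      # short form: length is in this byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER, not DER) at offset %d" % off)
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad length field at offset %d" % off)
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length at offset %d" % off)
        pos += n
    if pos + length > len(buf):
        raise ValueError("length %d at offset %d overruns the data" % (length, off))
    return tag, pos, pos + length

def check_certificate(der):
    """Return None if the outer Certificate structure is sane, else a reason."""
    try:
        tag, off, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return "outer element is not a single SEQUENCE spanning the data"
        for want, name in ((0x30, "tbsCertificate"), (0x30, "signatureAlgorithm"),
                           (0x03, "signatureValue")):
            if off >= end:
                return "missing " + name
            tag, vs, ve = read_tlv(der[:end], off)
            if tag != want:
                return "%s has unexpected tag 0x%02x" % (name, tag)
            if want == 0x03 and (vs == ve or der[vs] > 7):
                return "signatureValue has a bad unused-bits octet"
            off = ve
        return None if off == end else "extra elements after signatureValue"
    except ValueError as exc:
        return str(exc)

def check_file(path):                     # hypothetical helper for recorded DER files
    with open(path, "rb") as fh:
        return check_certificate(fh.read())

# Constructed sample: a bare skeleton with empty inner SEQUENCEs, not a real certificate.
SKELETON = bytes.fromhex("30083000300003020 0ab".replace(" ", ""))
```

A file that passes only has sound outer framing; the fields inside `tbsCertificate` still need to be examined, for example with `openssl asn1parse -inform DER -in <file>`.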