Hi,

when using OpenSSL 1.0.1c together with a chrooted bind 9.7.3
on Red Hat 6 x86_64, I got reproducible crashes within OpenSSL:

Program received signal SIGSEGV, Segmentation fault.
OPENSSL_cleanse () at x86_64cpuid.s:181
181             movq    %rax,(%rdi)
(gdb) bt
#0  OPENSSL_cleanse () at x86_64cpuid.s:181
#1  0x00007ffff6ee076f in drbg_free_entropy (ctx=<value optimized out>, out=0x0, 
olen=<value optimized out>) at rand_lib.c:213
#2  0x00007ffff6e699b4 in FIPS_drbg_instantiate () from /lib64/libcrypto.so.10
#3  0x00007ffff6ee0b90 in RAND_init_fips () at rand_lib.c:286
#4  0x00007ffff6e74b31 in CRYPTO_set_mem_functions (m=0x7ffff7973780 <mem_alloc>, 
r=0x7ffff7973730 <mem_realloc>,
    f=0x7ffff79734d0 <mem_free>) at mem.c:128
#5  0x00007ffff79737f8 in dst__openssl_init (engine=0x0) at openssl_link.c:174
#6  0x00007ffff797a888 in dst_lib_init2 (mctx=<value optimized out>, 
ectx=0x7ffff7fa7280, engine=0x0, eflags=1) at dst_api.c:210
#7  0x0000555555589493 in ns_server_create (mctx=<value optimized out>, 
serverp=0x5555557c9eb0) at server.c:4934
#8  0x0000555555579199 in setup (argc=<value optimized out>, 
argv=0x7fffffffe698) at ./main.c:856
#9  main (argc=<value optimized out>, argv=0x7fffffffe698) at ./main.c:1026

The strace fragment shows what is going on before the segfault:

26734 open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such 
file or directory)
26734 open("/dev/random", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 9
26734 fstat(9, {st_mode=S_IFCHR|0644, st_rdev=makedev(1, 8), ...}) = 0
26734 poll([{fd=9, events=POLLIN}], 1, 10) = 1 ([{fd=9, revents=POLLIN}])
26734 read(9, "\254j\357\235t\36\273\306\26261\0\352A\221\321", 32) = 16
26734 close(9)                          = 0
26734 open("/dev/srandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such 
file or directory)
26734 socket(PF_FILE, SOCK_STREAM, 0)   = 9
26734 connect(9, {sa_family=AF_FILE, path="/var/run/egd-pool"}, 19) = -1 ENOENT 
(No such file or directory)
26734 close(9)                          = 0
26734 socket(PF_FILE, SOCK_STREAM, 0)   = 9
26734 connect(9, {sa_family=AF_FILE, path="/dev/egd-pool"}, 15) = -1 ENOENT (No 
such file or directory)
26734 close(9)                          = 0
26734 socket(PF_FILE, SOCK_STREAM, 0)   = 9
26734 connect(9, {sa_family=AF_FILE, path="/etc/egd-pool"}, 15) = -1 ENOENT (No 
such file or directory)
26734 close(9)                          = 0
26734 socket(PF_FILE, SOCK_STREAM, 0)   = 9
26734 connect(9, {sa_family=AF_FILE, path="/etc/entropy"}, 14) = -1 EACCES 
(Permission denied)
26734 close(9)                          = 0
26734 getuid()                          = 25
26734 time(NULL)                        = 1345561606
26734 --- SIGSEGV (Segmentation fault) @ 0 (0) ---

So the init code doesn't get enough bytes from /dev/random,
and that shortfall later triggers the bug.

The patch below fixes the issue. Creating /dev/urandom within the
chroot helps as well.

Cheers,
Ralf

diff -up openssl-fips-2.0.1/fips/rand/fips_drbg_lib.c.debug 
openssl-fips-2.0.1/fips/rand/fips_drbg_lib.c
--- openssl-fips-2.0.1/fips/rand/fips_drbg_lib.c.debug  2011-11-06 
08:08:54.000000000 -0500
+++ openssl-fips-2.0.1/fips/rand/fips_drbg_lib.c        2012-08-21 
14:14:34.000000000 -0400
@@ -160,9 +160,9 @@ static size_t fips_get_entropy(DRBG_CTX
                return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
        rv = dctx->get_entropy(dctx, &tout, entropy + bl,
                                min_len + bl, max_len + bl);
-       *pout = tout + bl;
        if (rv < (min_len + bl) || (rv % bl))
                return 0;
+       *pout = tout + bl;
        /* Compare consecutive blocks for continuous PRNG test */
        for (p = tout; p < tout + rv - bl; p += bl)
                {
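Review bot: Moving `*pout = tout + bl;` below the length check means a short result with a real buffer (non-NULL `tout`, `rv < min_len + bl`) now returns 0 without publishing the pointer. The caller then has nothing to hand to its cleanup path, so the partial entropy may stay allocated and uncleansed; whether it does depends on the callback and the caller, which are outside the hunk. The `out=0x0` frame in the backtrace suggests the crashing case is a NULL `tout`, which the original line turned into the non-NULL value `bl`. A narrower fix would leave the assignment where it was and add `if (tout == NULL) return 0;` directly after the `get_entropy` call, so that only the NULL case skips publication. fips_get_entropy starts and ends outside the hunk.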