On Thu, Jan 14, 2016 at 06:47:49PM +0200, Jouni Malinen wrote:
> EAP server side is crashing (segmentation fault) in a pretty strange way
> when using CRL validation as part of the TLS handshake. This is my test
> case ap_wpa2_eap_tls_check_crl which shows the following in valgrind for the
> hostapd process that went through the TLS server side exchange. It looks
> like a crash in OpenSSL check_revocation(), but I guess I'll need to
> enable more debug symbols somewhere to get a bit more helpful output. This
> same test case worked fine with pre-release 1. The test case ends up
> using a code path that executes cs = SSL_CTX_get_cert_store() and
> X509_STORE_set_flags(cs, X509_V_FLAG_CRL_CHECK).
>
> ==627== Conditional jump or move depends on uninitialised value(s)
> ==627== at 0x6174D5: check_revocation (in
> /home/jm/Git/hostap/hostapd/hostapd)
> ==627== by 0x618280: verify_chain (in /home/jm/Git/hostap/hostapd/hostapd)
> ==627== by 0x55782F: ssl_add_cert_chain (in
> /home/jm/Git/hostap/hostapd/hostapd)
> ==627== by 0x575157: ssl3_output_cert_chain (in
> /home/jm/Git/hostap/hostapd/hostapd)
> ==627== by 0x569D3C: ossl_statem_server_construct_message (in
> /home/jm/Git/hostap/hostapd/hostapd)
> ==627== by 0x56461D: state_machine (in /home/jm/Git/hostap/hostapd/hostapd)
> ==627== by 0x5513BB: SSL_accept (in /home/jm/Git/hostap/hostapd/hostapd)
> ==627== by 0x50AF9C: openssl_handshake (tls_openssl.c:3180)
> ==627== by 0x50AF9C: openssl_connection_handshake (tls_openssl.c:3273)
> ==627== by 0x508A21: eap_server_tls_phase1 (eap_server_tls_common.c:316)
> ==627== by 0x4C41B1: eap_tls_process_msg (eap_server_tls.c:247)
> ==627== by 0x508C6B: eap_server_tls_process (eap_server_tls_common.c:468)
> ==627== by 0x4C40C3: eap_tls_process (eap_server_tls.c:259)
> ==627==
> ==627== Use of uninitialised value of size 8
> ==627== at 0x61742D: check_revocation (in
> /home/jm/Git/hostap/hostapd/hostapd)
> ==627== by 0x662C55F: ???
> ==627== by 0xEFFFFFFFF: ???
> ==627== by 0x654653F: ???
See patch just posted, and also pushed to github. This will likely fix
the CRL issue.
commit 311f27852a18fb9c10f0c1283b639f12eea06de2
Author: Viktor Dukhovni <[email protected]>
Date: Thu Jan 14 12:23:35 2016 -0500
Always initialize X509_STORE_CTX get_crl pointer
--
Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
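As an added example, not code from the thread or from OpenSSL, here is a constructed C model of the bug class the commit addresses: a verify context whose get_crl callback is set on every init path, so enabling the CRL-check flag on the store can never route check_revocation through an unset pointer. All names are hypothetical stand-ins for the OpenSSL ones.

```c
/* Constructed model of the bug class from the thread, not OpenSSL code:
 * a verify context carries a get_crl callback that must be set on every
 * init path, otherwise enabling CRL checking calls an unset pointer.
 * All names below are hypothetical stand-ins for the OpenSSL ones. */
#include <stddef.h>
#include <string.h>
#define FLAG_CRL_CHECK 0x4UL           /* stands in for X509_V_FLAG_CRL_CHECK */

typedef struct { const char *issuer; const char *revoked[4]; int nrevoked; } crl_t;
typedef struct verify_ctx verify_ctx;
typedef int (*get_crl_fn)(verify_ctx *, const char *issuer, const crl_t **out);
typedef struct {
    unsigned long flags;               /* X509_STORE_set_flags() equivalent */
    const crl_t *crls; int ncrls;
    get_crl_fn get_crl;                /* optional override, may be NULL */
} store_t;
struct verify_ctx { store_t *store; get_crl_fn get_crl; };

/* Default lookup: first CRL in the store issued by this issuer. */
static int default_get_crl(verify_ctx *ctx, const char *issuer, const crl_t **out) {
    for (int i = 0; i < ctx->store->ncrls; i++)
        if (strcmp(ctx->store->crls[i].issuer, issuer) == 0) { *out = &ctx->store->crls[i]; return 1; }
    return 0;
}

/* The fix in miniature: init always sets get_crl, using the default when
 * the store supplies no override, regardless of how the store was obtained
 * or which flags were set on it afterwards. */
void verify_ctx_init(verify_ctx *ctx, store_t *store) {
    memset(ctx, 0, sizeof *ctx);
    ctx->store = store;
    ctx->get_crl = store->get_crl ? store->get_crl : default_get_crl;
}

/* Returns 1 = not revoked, 0 = revoked, -1 = CRL check on but no CRL found. */
int check_revocation(verify_ctx *ctx, const char *issuer, const char *serial) {
    const crl_t *crl = NULL;
    if (!(ctx->store->flags & FLAG_CRL_CHECK)) return 1;   /* check not requested */
    if (!ctx->get_crl(ctx, issuer, &crl)) return -1;      /* safe: pointer always set */
    for (int i = 0; i < crl->nrevoked; i++)
        if (strcmp(crl->revoked[i], serial) == 0) return 0;
    return 1;
}

/* Constructed scenario: one CRL from "Test CA" revoking serial 1002. */
int run_scenario(int crl_check_on, const char *issuer, const char *serial) {
    static const crl_t crls[] = { { "Test CA", { "1002" }, 1 } };
    store_t store = { crl_check_on ? FLAG_CRL_CHECK : 0UL, crls, 1, NULL };
    verify_ctx ctx;
    verify_ctx_init(&ctx, &store);
    return check_revocation(&ctx, issuer, serial);
}
```

Fuzzing or unit-testing every init path against a store with the CRL flag set, as run_scenario does here, is the kind of check that would have caught the uninitialised pointer before release.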