On Thu, Jan 7, 2021 at 1:51 PM Jan Just Keijser <janj...@nikhef.nl> wrote:
> Hi,
>
> On 06/01/21 18:10, Gimhani Uthpala wrote:
>
> > Dear team,
> > I'm running an application which uses openssl for secure communication
> > between processes. I am getting seg-faults at openssl level. This only
> > occurred very randomly and the following are stacks that seg faults at
> > openssl level in the given 2 cases. We are using openssl 1.0.2k.
>
> version 1.0.2k suggests you are using RHEL7/CentOS 7, correct?

Yes, I am using RHEL7 and using its openssl version 1.0.2k-fips.

> > Went through the security vulnerabilities list for this version but
> > couldn't find a clue. Running valgrind too didn't give an exact clue
> > related to the issue. Can you please guide me how can I find the exact
> > root cause for the seg fault?
> >
> > I am calling SSL_do_handshake(ssl_ctx) from my code level and both the
> > below seg faults are occurring from its inside.
> >
> > #0 0x00007fd64cdabdd3 in ASN1_item_verify () from /lib64/libcrypto.so.10
> > #1 0x00007fd64cdcac58 in internal_verify () from /lib64/libcrypto.so.10
> > #2 0x00007fd64cdccaef in X509_verify_cert () from /lib64/libcrypto.so.10
> > #3 0x00007fd64d111c68 in ssl_verify_cert_chain () from /lib64/libssl.so.10
> > #4 0x00007fd64d0e8cc6 in ssl3_get_client_certificate () from /lib64/libssl.so.10
> > *#5 0x00007fd64d0ea3f8 in ssl3_accept () from /lib64/libssl.so.10*
>
> so the segfault occurs inside ASN1_item_verify () when verifying the
> certificate - it could be a malformed certificate with invalid ASN1
> encoding; do you have the certificate that causes the segfault?
>
> If you do not, then it is worthwhile recording/storing all certificates
> until you find the one that causes the segfault and then examine it.

I do not have access to the certificate that caused segfault. Will try to
record all certs to check this, Thanks.

> HTH,
>
> JJK
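
A first-pass structural check for recorded certificates, as an added example that is not part of the original thread and not OpenSSL code: it walks the DER TLV structure and reports the first encoding violation. The function name, result codes and sample bytes are this example's own, and the samples are constructed, not real certificates.

```c
#include <stdint.h>
#include <stdio.h>

/* Result codes and messages (this example's own names, not OpenSSL's). */
enum { DER_OK, DER_TRUNCATED, DER_INDEFINITE, DER_NONMINIMAL, DER_TOO_DEEP, DER_HIGH_TAG };
static const char *der_msg[] = { "ok", "length runs past container",
    "indefinite length (BER)", "non-minimal length", "nesting too deep", "multi-byte tag" };

/* Walk every TLV in buf[0..len), recursing into constructed values.
 * Returns DER_OK or the first structural violation found. */
static int der_check(const uint8_t *buf, size_t len, int depth)
{
    size_t pos = 0;
    if (depth > 32) return DER_TOO_DEEP;                 /* bound the recursion */
    while (pos < len) {
        uint8_t tag = buf[pos++];
        if ((tag & 0x1f) == 0x1f) return DER_HIGH_TAG;   /* not used in X.509 */
        if (pos >= len) return DER_TRUNCATED;            /* tag with no length octet */
        size_t vlen = buf[pos++];
        if (vlen == 0x80) return DER_INDEFINITE;         /* allowed in BER, not DER */
        if (vlen & 0x80) {                               /* long form: n length octets */
            size_t n = vlen & 0x7f;
            if (n > 4 || n > len - pos) return DER_TRUNCATED;
            if (buf[pos] == 0) return DER_NONMINIMAL;    /* leading zero octet */
            for (vlen = 0; n > 0; n--) vlen = (vlen << 8) | buf[pos++];
            if (vlen < 0x80) return DER_NONMINIMAL;      /* short form was required */
        }
        if (vlen > len - pos) return DER_TRUNCATED;      /* value overruns its parent */
        if (tag & 0x20) {                                /* constructed: contents are TLVs */
            int rc = der_check(buf + pos, vlen, depth + 1);
            if (rc != DER_OK) return rc;
        }
        pos += vlen;
    }
    return DER_OK;
}

/* Constructed samples: a well-formed nested SEQUENCE, and the same bytes
 * with the inner INTEGER claiming 5 content octets when only 1 remains. */
static const uint8_t sample_good[] = { 0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x2a };
static const uint8_t sample_bad[]  = { 0x30, 0x05, 0x30, 0x03, 0x02, 0x05, 0x2a };

int main(void)
{
    printf("sample_good: %s\n", der_msg[der_check(sample_good, sizeof sample_good, 0)]);
    printf("sample_bad:  %s\n", der_msg[der_check(sample_bad, sizeof sample_bad, 0)]);
    return 0;
}
```

Call der_check() on the raw DER bytes of each recorded certificate; a non-zero result marks a file worth examining by hand, while DER_OK only means the TLV framing is consistent, not that the certificate is valid.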