Hello,

Trying to use the version 1.9.6 lcp utilities, which contain a patchset
that updates the openssl usage, always segfaulted for me.

The problem is that the patchset introduced double free bugs, which,
depending on your compiler, linker, libc, etc., could go unnoticed or
segfault.  I got lucky, it segfaulted :)

Attached is a patch that fixes the double frees.  After this patch no
more segfaults.

Cheers,
Curt

Author: Curt Brune <c...@cumulusnetworks.com>
Date:   Fri Sep 1 08:06:39 2017 -0700

Fix openssl-1.0.2 double frees

Changeset 487:4e7bfa7aaa00 introduced double free bugs, which lead to
segmentation faults when running the lcp_crtpollist and
lcp2_crtpollist utilities:

  changeset:   487:4e7bfa7aaa00
  user:        Ning Sun <ning....@intel.com>
  date:        Thu May 18 12:02:49 2017 -0700
  files:       lcptools-v2/crtpollist.c lcptools-v2/lcputils.c lcptools/crtpollist.c lcptools/lcputils2.c
  description:
  [PATCH 3/4] Support OpenSSL 1.1.0+ for RSA key manipulation.

The original code copies the BN object pointers to/from the RSA public
key.  During clean up the code frees the BN objects *and* frees the
RSA public key, which also tries to free its internal BN objects.

For openssl-1.0.2, this patch uses BN_dup() to create a duplicate BN
object instead of just copying the pointer.

With this patch in place the segmentation faults are no longer
witnessed.

Signed-off-by: Curt Brune <c...@cumulusnetworks.com>

diff --git a/lcptools-v2/crtpollist.c b/lcptools-v2/crtpollist.c
index 4c1a12a..3a9d349 100644
--- a/lcptools-v2/crtpollist.c
+++ b/lcptools-v2/crtpollist.c
@@ -160,15 +160,14 @@ static lcp_signature_t2 *read_rsa_pubkey_file(const char *file)
 
     memset(sig, 0, sizeof(lcp_rsa_signature_t) + 2*keysize);
     sig->rsa_signature.pubkey_size = keysize;
-   
-    BIGNUM *modulus = BN_new();
-    
+
     /* OpenSSL Version 1.1.0 and later don't allow direct access to RSA 
        stuct */    
     #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        BIGNUM *modulus = BN_new();
         RSA_get0_key(pubkey, (const BIGNUM **)&modulus, NULL, NULL); 
     #else
-        modulus = pubkey->n;
+        BIGNUM *modulus = BN_dup(pubkey->n);
     #endif
 
     unsigned char key[keysize];
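Review bot: the `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` branch still allocates `BIGNUM *modulus = BN_new();` and then immediately overwrites that pointer via `RSA_get0_key(pubkey, (const BIGNUM **)&modulus, NULL, NULL);`, so the fresh BIGNUM leaks on every call, and the pointer left in `modulus` is owned by `pubkey`, not by this function. Only the `#else` branch gets a private copy with `BN_dup(pubkey->n)`, so if the clean-up path the commit message describes (free the BN objects, then free the RSA key) runs on OpenSSL 1.1.0+ as well, the double free is only fixed for 1.0.2. Suggest giving both branches an owned copy, e.g. `const BIGNUM *n = NULL; RSA_get0_key(pubkey, &n, NULL, NULL); BIGNUM *modulus = BN_dup(n);`, which also removes the const-stripping `(const BIGNUM **)` cast, and checking the `BN_dup()` result for NULL before `modulus` is used below. The `stuct` typo in the context comment could be fixed while these lines are being touched.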
diff --git a/lcptools-v2/lcputils.c b/lcptools-v2/lcputils.c
index 5bf0de4..ed6e9bf 100644
--- a/lcptools-v2/lcputils.c
+++ b/lcptools-v2/lcputils.c
@@ -384,8 +384,8 @@ bool verify_signature(const uint8_t *data, size_t data_size,
     #if OPENSSL_VERSION_NUMBER >= 0x10100000L
         RSA_set0_key(rsa_pubkey, modulus, exponent, NULL); 
     #else
-        rsa_pubkey->n = modulus;
-        rsa_pubkey->e = exponent;
+        rsa_pubkey->n = BN_dup(modulus);
+        rsa_pubkey->e = BN_dup(exponent);
         rsa_pubkey->d = rsa_pubkey->p = rsa_pubkey->q = NULL;
     #endif
 
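Review bot: the two branches now disagree about who owns the caller's `modulus` and `exponent`: `RSA_set0_key(rsa_pubkey, modulus, exponent, NULL);` transfers ownership of both BIGNUMs to `rsa_pubkey`, whereas the new `#else` branch stores `BN_dup()` copies and leaves the originals with the caller. Whatever frees `modulus` and `exponent` after this point is therefore correct for at most one OpenSSL version (a leak on one, a double free on the other). Suggest passing copies in both branches, `RSA_set0_key(rsa_pubkey, BN_dup(modulus), BN_dup(exponent), NULL);`, so the caller always retains its originals, and checking the `BN_dup()` results (and the `RSA_set0_key()` return value, which is 0 on failure) instead of storing a possible NULL into `rsa_pubkey->n` / `rsa_pubkey->e`.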
diff --git a/lcptools/crtpollist.c b/lcptools/crtpollist.c
index 0583ffa..01c45f1 100644
--- a/lcptools/crtpollist.c
+++ b/lcptools/crtpollist.c
@@ -155,14 +155,14 @@ static lcp_signature_t *read_pubkey_file(const char *file)
 
     memset(sig, 0, sizeof(*sig) + 2*keysize);
     sig->pubkey_size = keysize;
-   
-    BIGNUM *modulus = BN_new();
+
     /* OpenSSL Version 1.1.0 and later don't allow direct access to RSA 
        stuct */ 
     #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        BIGNUM *modulus = BN_new();
         RSA_get0_key(pubkey, (const BIGNUM **)&modulus, NULL, NULL); 
     #else
-    	modulus = pubkey->n;
+        BIGNUM *modulus = BN_dup(pubkey->n);
     #endif
     unsigned char key[keysize];
     BN_bn2bin(modulus, key);
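Review bot: same ownership problem as in `lcptools-v2/crtpollist.c`: in the 1.1.0+ branch `BIGNUM *modulus = BN_new();` is leaked when `RSA_get0_key()` overwrites the pointer, and the pointer it leaves in `modulus` belongs to `pubkey`, so any clean-up that frees `modulus` and then `pubkey` still double frees on 1.1.0+; only the `#else` branch's `BN_dup(pubkey->n)` is safe to free. Suggest `const BIGNUM *n = NULL; RSA_get0_key(pubkey, &n, NULL, NULL); BIGNUM *modulus = BN_dup(n);` for both versions, with a NULL check before `BN_bn2bin(modulus, key);`, since `BN_bn2bin()` dereferences its first argument unconditionally. Style point: the removed line used a tab and the replacement uses spaces; please keep indentation consistent with the surrounding block.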
diff --git a/lcptools/lcputils2.c b/lcptools/lcputils2.c
index 3d6f855..797b71d 100644
--- a/lcptools/lcputils2.c
+++ b/lcptools/lcputils2.c
@@ -288,8 +288,8 @@ bool verify_signature(const uint8_t *data, size_t data_size,
     #if OPENSSL_VERSION_NUMBER >= 0x10100000L
         RSA_set0_key(rsa_pubkey, modulus, exponent, NULL); 
     #else
-      	rsa_pubkey->n = modulus;
-    	rsa_pubkey->e = exponent;
+      	rsa_pubkey->n = BN_dup(modulus);
+    	rsa_pubkey->e = BN_dup(exponent);
   	rsa_pubkey->d = rsa_pubkey->p = rsa_pubkey->q = NULL;
     #endif
 
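Review bot: as in `lcptools-v2/lcputils.c`, `RSA_set0_key()` takes ownership of `modulus` and `exponent` on 1.1.0+ while the `#else` branch now stores `BN_dup()` copies, so the caller must free its BIGNUMs on 1.0.2 and must not on 1.1.0+; that asymmetry is exactly how the original double free arose. Suggest `RSA_set0_key(rsa_pubkey, BN_dup(modulus), BN_dup(exponent), NULL);` so ownership is identical in both branches, and NULL checks on the `BN_dup()` results before they are assigned to `rsa_pubkey->n` / `rsa_pubkey->e`. Style point: the changed lines mix tabs and spaces for indentation (`rsa_pubkey->n` and `rsa_pubkey->e` are indented differently from the following `rsa_pubkey->d` line); worth normalising while here.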
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel