Openssl102 #6

trevp · 2013-06-26T04:32:01Z

Backport "custom extensions" and "serverinfo" support from master.

Add support for arbitrary TLS extensions. Contributed by Trevor Perrin. Conflicts: CHANGES ssl/ssl.h ssl/ssltest.c test/testssl

Cleanup of custom extension stuff. serverinfo rejects non-empty extensions. Omit extension if no relevant serverinfo data. Improve error-handling in serverinfo callback. Cosmetic cleanups. s_client documentation. s_server documentation. SSL_CTX_serverinfo documentation. Cleaup -1 and NULL callback handling for custom extensions, add tests. Cleanup ssl_rsa.c serverinfo code. Whitespace cleanup. Improve comments in ssl.h for serverinfo. Whitespace. Cosmetic cleanup. Reject non-zero-len serverinfo extensions. Whitespace. Make it build. Conflicts: test/testssl

benlaurie · 2013-09-10T14:03:16Z

Merged.

Reformatted parts of code according to new guidelines

Every now and then I need to merge a commit that I did not author or review (someone else has done those things). This adds an option to addrev to enable you to add the "Reviewed by" headers without also adding yourself. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl/openssl#6)

Sometimes the error handling returns an ASN1_STRING object in *out although that was not passed in by the caller, and sometimes the error handling deletes the ASN1_STRING but forgets to clear the *out parameter. Therefore the caller has no chance to know, if the leaked object in *out shall be deleted or not. This may cause a use-after-free error e.g. in asn1_str2type: ==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0 READ of size 8 at 0x603000073280 thread T0 #0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354 #1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204 #2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199 #3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20 #4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740 #5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137 #6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #14 0x564ed19d5f25 in req_main apps/req.c:806 #15 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #16 0x564ed1985165 in main apps/openssl.c:183 #17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 #18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd) 0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288) freed by thread T0 here: #0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 #1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311 #2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300 #3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191 #4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #15 0x564ed19d5f25 in req_main apps/req.c:806 #16 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #17 0x564ed1985165 in main apps/openssl.c:183 #18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221 #2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198 #3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236 #4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150 #6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #17 0x564ed19d5f25 in req_main apps/req.c:806 #18 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #19 0x564ed1985165 in main apps/openssl.c:183 #20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #23165)

Sometimes the error handling returns an ASN1_STRING object in *out although that was not passed in by the caller, and sometimes the error handling deletes the ASN1_STRING but forgets to clear the *out parameter. Therefore the caller has no chance to know, if the leaked object in *out shall be deleted or not. This may cause a use-after-free error e.g. in asn1_str2type: ==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0 READ of size 8 at 0x603000073280 thread T0 #0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354 #1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204 #2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199 #3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20 #4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740 #5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137 #6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #14 0x564ed19d5f25 in req_main apps/req.c:806 #15 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #16 0x564ed1985165 in main apps/openssl.c:183 #17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 #18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd) 0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288) freed by thread T0 here: #0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 #1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311 #2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300 #3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191 #4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #15 0x564ed19d5f25 in req_main apps/req.c:806 #16 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #17 0x564ed1985165 in main apps/openssl.c:183 #18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221 #2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198 #3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236 #4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150 #6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #17 0x564ed19d5f25 in req_main apps/req.c:806 #18 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #19 0x564ed1985165 in main apps/openssl.c:183 #20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #23165) (cherry picked from commit dfa1e49)

Here the undefined value "npa" passed to a function WPACKET_sub_memcpy_u16(pkt, npa, npalen). However the value is not really used, because "npalen" is zero, but the call statememt itself is considered an invalid operation by the new sanitizer. The original sanitizer error report was: ==49175==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21 openssl#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15 openssl#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10 openssl#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26 openssl#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21 openssl#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12 openssl#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19 openssl#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12 openssl#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24 openssl#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10 openssl#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14 openssl#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21 openssl#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15

Here the undefined value "npa" passed to a function WPACKET_sub_memcpy_u16(pkt, npa, npalen). However the value is not really used, because "npalen" is zero, but the call statememt itself is considered an invalid operation by the new sanitizer. The original sanitizer error report was: ==49175==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21 #1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15 #2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10 #3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26 #4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21 #5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12 #6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19 #7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12 #8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24 #9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10 #10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14 #11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21 #12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #26269)

Here the undefined value "npa" passed to a function WPACKET_sub_memcpy_u16(pkt, npa, npalen). However the value is not really used, because "npalen" is zero, but the call statememt itself is considered an invalid operation by the new sanitizer. The original sanitizer error report was: ==49175==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21 #1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15 #2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10 #3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26 #4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21 #5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12 #6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19 #7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12 #8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24 #9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10 #10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14 #11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21 #12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #26269) (cherry picked from commit e63e889)

Here the undefined value "npa" was passed to a function WPACKET_sub_memcpy_u16(pkt, npa, npalen). However the value is not really used, because "npalen" is zero, but the call statememt itself is considered an invalid operation by the new sanitizer. The original sanitizer error report was: ==49175==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21 openssl#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15 openssl#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10 openssl#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26 openssl#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21 openssl#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12 openssl#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19 openssl#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12 openssl#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24 openssl#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10 openssl#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14 openssl#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21 openssl#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#26269) (cherry picked from commit e63e889)

This happens usually if an template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free calls now the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which ought to be tolerant to incomplete initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 rogii-com#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 rogii-com#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 rogii-com#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 rogii-com#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 openssl#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 openssl#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 openssl#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 openssl#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 openssl#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 openssl#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 openssl#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#21 0x40893b in testfile fuzz/test-corpus.c:182 openssl#22 0x406b86 in main fuzz/test-corpus.c:226 openssl#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL ================================================================= ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 rogii-com#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 rogii-com#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 rogii-com#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 rogii-com#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 rogii-com#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#14 0x40893b in testfile fuzz/test-corpus.c:182 openssl#15 0x406b86 in main fuzz/test-corpus.c:226 openssl#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18360) (cherry picked from commit 557825a)

This is reproducible with my error injection patch: $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: ================================================================= ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 rogii-com#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 rogii-com#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 rogii-com#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 rogii-com#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 openssl#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 openssl#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 openssl#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 openssl#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 openssl#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 openssl#11 0x40370b in testfile fuzz/test-corpus.c:182 openssl#12 0x402846 in main fuzz/test-corpus.c:226 openssl#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#18361)

This is reproducible with my error injection patch: $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d ERROR_INJECT=1653267699 #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 rogii-com#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 rogii-com#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 rogii-com#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 rogii-com#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 openssl#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 openssl#7 0x55c12d267c7f in main fuzz/test-corpus.c:226 openssl#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 openssl#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) ================================================================= ==1058475==ERROR: LeakSanitizer: detected memory leaks Direct leak of 268 byte(s) in 1 object(s) allocated from: #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 rogii-com#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 rogii-com#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 rogii-com#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 rogii-com#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 rogii-com#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 openssl#6 0x55c12d267c7f in main fuzz/test-corpus.c:226 openssl#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#18370)

Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 rogii-com#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 rogii-com#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 rogii-com#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 rogii-com#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 openssl#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 openssl#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 openssl#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 openssl#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 openssl#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 openssl#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 openssl#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 openssl#14 0x40371b in testfile fuzz/test-corpus.c:182 openssl#15 0x402856 in main fuzz/test-corpus.c:226 openssl#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer:DEADLYSIGNAL ================================================================= ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) ==8400==The signal is caused by a READ memory access. ==8400==Hint: address points to the zero page. #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 rogii-com#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 rogii-com#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 rogii-com#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 rogii-com#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 rogii-com#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 openssl#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 openssl#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 openssl#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 openssl#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 openssl#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 openssl#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 openssl#13 0x40371b in testfile fuzz/test-corpus.c:182 openssl#14 0x402856 in main fuzz/test-corpus.c:226 openssl#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions ==8400==ABORTING Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#18376) (cherry picked from commit dc0ef29)

This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461 #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 rogii-com#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129 rogii-com#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198 rogii-com#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242 rogii-com#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168 rogii-com#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111 openssl#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246 openssl#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 openssl#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#24 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#25 0x402626 in main fuzz/test-corpus.c:226 openssl#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706) ================================================================= ==29625==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 rogii-com#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209 rogii-com#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928 rogii-com#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577 rogii-com#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178 openssl#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142 openssl#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97 openssl#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246 openssl#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 openssl#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#29 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#30 0x402626 in main fuzz/test-corpus.c:226 openssl#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18391) (cherry picked from commit e9007e0)

This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 rogii-com#1 0x402f84 in my_malloc fuzz/test-corpus.c:114 rogii-com#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 rogii-com#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 rogii-com#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 openssl#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 openssl#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 openssl#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 openssl#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#26 0x402afb in testfile fuzz/test-corpus.c:182 openssl#27 0x402656 in main fuzz/test-corpus.c:226 openssl#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756) ================================================================= ==12221==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 rogii-com#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246 rogii-com#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440 rogii-com#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 rogii-com#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#22 0x402afb in testfile fuzz/test-corpus.c:182 openssl#23 0x402656 in main fuzz/test-corpus.c:226 openssl#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) Indirect leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 rogii-com#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 rogii-com#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 rogii-com#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 rogii-com#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 openssl#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 openssl#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 openssl#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 openssl#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#23 0x402afb in testfile fuzz/test-corpus.c:182 openssl#24 0x402656 in main fuzz/test-corpus.c:226 openssl#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from openssl#18632)

This was found by my Reproducible Error Injection patch (openssl#18356) Due to the exact location of the injected memory error the sha256 digest is missing, and this causes much later the memory leak (and a failed assertion) in tls13_generate_secret. But the reproduction is a bit challenging, as it requires AESNI and RDRAND capability. OPENSSL_ia32cap=0x4200000000000000 ERROR_INJECT=1657070330 ../util/shlib_wrap.sh ./client-test ./corpora/client/791afc153e17db072175eeef85385a38d7f6d194 #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 rogii-com#1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 rogii-com#2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 rogii-com#3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 rogii-com#4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 rogii-com#5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 openssl#6 0x7fceaf9c6b97 in openssl_add_all_digests_int crypto/evp/c_alld.c:39 openssl#7 0x7fceafa0f8ec in ossl_init_add_all_digests crypto/init.c:275 openssl#8 0x7fceafa0f8ec in ossl_init_add_all_digests_ossl_ crypto/init.c:264 openssl#9 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 openssl#10 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 openssl#11 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:677 openssl#12 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:611 openssl#13 0x7fceafdad3e8 in OPENSSL_init_ssl ssl/ssl_init.c:190 openssl#14 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 openssl#15 0x55fb9117e939 in main fuzz/test-corpus.c:194 openssl#16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 openssl#17 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 rogii-com#1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 rogii-com#2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 rogii-com#3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 rogii-com#4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 rogii-com#5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 openssl#6 0x7fceafdad328 in ossl_init_ssl_base ssl/ssl_init.c:87 openssl#7 0x7fceafdad328 in ossl_init_ssl_base_ossl_ ssl/ssl_init.c:24 openssl#8 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 openssl#9 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 openssl#10 0x7fceafdad412 in OPENSSL_init_ssl ssl/ssl_init.c:193 openssl#11 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 openssl#12 0x55fb9117e939 in main fuzz/test-corpus.c:194 openssl#13 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 openssl#14 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) ================================================================= ==1320996==ERROR: LeakSanitizer: detected memory leaks Direct leak of 80 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 rogii-com#1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#2 0x7fceafa03a85 in int_ctx_new crypto/evp/pmeth_lib.c:144 rogii-com#3 0x7fceafa03a85 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 rogii-com#4 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 rogii-com#5 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 openssl#6 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 openssl#7 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 openssl#8 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 openssl#9 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 openssl#10 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 openssl#11 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 openssl#12 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#13 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 openssl#14 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 openssl#15 0x55fb9117eb92 in main fuzz/test-corpus.c:226 openssl#16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 Indirect leak of 1080 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 rogii-com#1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 rogii-com#2 0x7fceafa11555 in pkey_hkdf_init crypto/kdf/hkdf.c:51 rogii-com#3 0x7fceafa03b36 in int_ctx_new crypto/evp/pmeth_lib.c:160 rogii-com#4 0x7fceafa03b36 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 rogii-com#5 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 openssl#6 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 openssl#7 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 openssl#8 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 openssl#9 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 openssl#10 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 openssl#11 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 openssl#12 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 openssl#13 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#14 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 openssl#15 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 openssl#16 0x55fb9117eb92 in main fuzz/test-corpus.c:226 openssl#17 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 1160 byte(s) leaked in 2 allocation(s). Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl#18725)

Here the undefined value "npa" passed to a function WPACKET_sub_memcpy_u16(pkt, npa, npalen). However the value is not really used, because "npalen" is zero, but the call statememt itself is considered an invalid operation by the new sanitizer. The original sanitizer error report was: ==49175==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21 openssl#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15 openssl#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10 openssl#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26 openssl#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21 openssl#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12 openssl#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19 openssl#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12 openssl#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24 openssl#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10 openssl#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14 openssl#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21 openssl#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#26269)

the self_test_digest_sig() test fails when EC PCT is enabled because ossl_ec_key_pairwise_check() consumes entropy when generator * priv_key = pub_key is calculated in EC_POINT_mul(). #0 RAND_priv_bytes_ex openssl#1 bnrand openssl#2 BN_priv_rand_ex openssl#3 ec_GF2m_simple_ladder_pre openssl#4 ec_point_ladder_pre openssl#5 ossl_ec_scalar_mul_ladder openssl#6 ec_GF2m_simple_points_mul openssl#7 EC_POINT_mul openssl#8 ossl_ec_key_pairwise_check which led to the different signature then expected in the ecdsa_prime_expected_sig. Moving set_kat_drbg() after the EVP_PKEY_fromdata() fixed the problem. Fixes openssl/project#1302 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>

The new malloc failure test caught an asan error in this code: Direct leak of 40 byte(s) in 1 object(s) allocated from: 2025-08-07T03:22:20.3655117Z #0 0x7fb88d8fd9c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 2025-08-07T03:22:20.3655796Z #1 0x5584f0e4670a in CRYPTO_malloc crypto/mem.c:211 2025-08-07T03:22:20.3656291Z #2 0x5584f0e4679d in CRYPTO_zalloc crypto/mem.c:231 2025-08-07T03:22:20.3657040Z #3 0x5584f11c4c10 in EVP_RAND_CTX_new crypto/evp/evp_rand.c:353 2025-08-07T03:22:20.3657656Z openssl#4 0x5584f0e93b27 in rand_new_drbg crypto/rand/rand_lib.c:666 2025-08-07T03:22:20.3658289Z openssl#5 0x5584f0e949d0 in rand_get0_public crypto/rand/rand_lib.c:843 2025-08-07T03:22:20.3658914Z openssl#6 0x5584f0e9305b in RAND_bytes_ex crypto/rand/rand_lib.c:490 2025-08-07T03:22:20.3659486Z openssl#7 0x5584f0b2405f in SSL_CTX_new_ex ssl/ssl_lib.c:4191 2025-08-07T03:22:20.3660183Z openssl#8 0x5584f0ae313c in create_ssl_ctx_pair test/helpers/ssltestlib.c:958 2025-08-07T03:22:20.3660871Z openssl#9 0x5584f0adeaf6 in do_handshake test/handshake-memfail.c:56 2025-08-07T03:22:20.3661539Z openssl#10 0x5584f0adee50 in test_alloc_failures test/handshake-memfail.c:125 2025-08-07T03:22:20.3662161Z openssl#11 0x5584f0cd9da8 in run_tests test/testutil/driver.c:342 2025-08-07T03:22:20.3662664Z openssl#12 0x5584f0cda9e5 in main test/testutil/main.c:31 2025-08-07T03:22:20.3663450Z openssl#13 0x7fb88d42a1c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f) 2025-08-07T03:22:20.3664630Z openssl#14 0x7fb88d42a28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f) 2025-08-07T03:22:20.3666608Z openssl#15 0x5584f0ade864 in _start (/home/runner/work/openssl/openssl/test/handshake-memfail+0x22a864) (BuildId: 19659a44d8bed2c082918d25425f77e3a98df534) It occurs because when rand_get0_public/rand_get0_private sets an EVP_RAND_CTX object in its thread local storage, it neglects to check the return code of the operation, which may fail when the associated sparse array is expanded. fix it by checking the return code and failing the get0_[public|private] operation so the failure is graceful. Fixes openssl/project#1315

The new malloc failure test caught an asan error in this code: Direct leak of 40 byte(s) in 1 object(s) allocated from: 2025-08-07T03:22:20.3655117Z #0 0x7fb88d8fd9c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 2025-08-07T03:22:20.3655796Z #1 0x5584f0e4670a in CRYPTO_malloc crypto/mem.c:211 2025-08-07T03:22:20.3656291Z #2 0x5584f0e4679d in CRYPTO_zalloc crypto/mem.c:231 2025-08-07T03:22:20.3657040Z #3 0x5584f11c4c10 in EVP_RAND_CTX_new crypto/evp/evp_rand.c:353 2025-08-07T03:22:20.3657656Z #4 0x5584f0e93b27 in rand_new_drbg crypto/rand/rand_lib.c:666 2025-08-07T03:22:20.3658289Z #5 0x5584f0e949d0 in rand_get0_public crypto/rand/rand_lib.c:843 2025-08-07T03:22:20.3658914Z #6 0x5584f0e9305b in RAND_bytes_ex crypto/rand/rand_lib.c:490 2025-08-07T03:22:20.3659486Z #7 0x5584f0b2405f in SSL_CTX_new_ex ssl/ssl_lib.c:4191 2025-08-07T03:22:20.3660183Z #8 0x5584f0ae313c in create_ssl_ctx_pair test/helpers/ssltestlib.c:958 2025-08-07T03:22:20.3660871Z #9 0x5584f0adeaf6 in do_handshake test/handshake-memfail.c:56 2025-08-07T03:22:20.3661539Z #10 0x5584f0adee50 in test_alloc_failures test/handshake-memfail.c:125 2025-08-07T03:22:20.3662161Z #11 0x5584f0cd9da8 in run_tests test/testutil/driver.c:342 2025-08-07T03:22:20.3662664Z #12 0x5584f0cda9e5 in main test/testutil/main.c:31 2025-08-07T03:22:20.3663450Z #13 0x7fb88d42a1c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f) 2025-08-07T03:22:20.3664630Z #14 0x7fb88d42a28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f) 2025-08-07T03:22:20.3666608Z #15 0x5584f0ade864 in _start (/home/runner/work/openssl/openssl/test/handshake-memfail+0x22a864) (BuildId: 19659a44d8bed2c082918d25425f77e3a98df534) It occurs because when rand_get0_public/rand_get0_private sets an EVP_RAND_CTX object in its thread local storage, it neglects to check the return code of the operation, which may fail when the associated sparse array is expanded. fix it by checking the return code and failing the get0_[public|private] operation so the failure is graceful. Fixes openssl/project#1315 Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from #28195)

oss-fuzz encountered a heap buffer overflow: https://issues.oss-fuzz.com/issues/447104218 ==411==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x77f58790c190 at pc 0x5688ab279f30 bp 0x7ffc9ec47740 sp 0x7ffc9ec46ee8 READ of size 32 at 0x77f58790c190 thread T0 #0 0x5688ab279f2f in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:849:7 #1 0x5688ab27a29c in ___interceptor_bcmp /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:894:10 #2 0x5688ab48c2f8 in aes_xts_check_keys_differ openssl/providers/implementations/ciphers/cipher_aes_xts.c:58:16 #3 0x5688ab48c2f8 in aes_xts_init openssl/providers/implementations/ciphers/cipher_aes_xts.c:93:14 openssl#4 0x5688ab48b3bf in aes_xts_einit openssl/providers/implementations/ciphers/cipher_aes_xts.c:109:12 openssl#5 0x5688ab35a017 in evp_cipher_init_internal openssl/crypto/evp/evp_enc.c:0 openssl#6 0x5688ab35e5d1 in EVP_CipherInit_ex openssl/crypto/evp/evp_enc.c:653:12 openssl#7 0x5688ab35e5d1 in EVP_EncryptInit_ex openssl/crypto/evp/evp_enc.c:819:12 openssl#8 0x5688ab51b3af in cipher_init openssl/providers/implementations/kdfs/krb5kdf.c:483:11 openssl#9 0x5688ab51b3af in KRB5KDF openssl/providers/implementations/kdfs/krb5kdf.c:542:11 openssl#10 0x5688ab51b3af in krb5kdf_derive openssl/providers/implementations/kdfs/krb5kdf.c:150:12 openssl#11 0x5688ab345f6a in do_evp_kdf openssl/fuzz/provider.c:450:9 openssl#12 0x5688ab342c57 in FuzzerTestOneInput openssl/fuzz/provider.c:620:9 openssl#13 0x5688ab347bc9 in ExecuteFilesOnyByOne /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:267:7 openssl#14 0x5688ab3479c9 in LLVMFuzzerRunDriver /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:0 openssl#15 0x5688ab34756b in main /src/aflplusplus/utils/aflpp_driver/aflpp_driver.c:323:10 openssl#16 0x7bc588600082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16 openssl#17 0x5688ab25abad in _start It occurs because when setting parameters for key derivation, we neglect to ensure that the key length provided in the key parameter matches the required length of the key for the underlying cipher. This in turn leads to the underlying cipher (aes-xts in this case), doing a key validation that reads beyond the end of the buffer provided in the parameter. Fix it by preforming a check during param setting to ensure they cipher key length matches the passed buffer length. Fixes openssl/project#1648

Trevor and others added 3 commits June 25, 2013 21:04

Trying cherrypick:

d5f360c

Add support for arbitrary TLS extensions. Contributed by Trevor Perrin. Conflicts: CHANGES ssl/ssl.h ssl/ssltest.c test/testssl

Fix compilation due to #endif.

3d62510

benlaurie closed this Sep 10, 2013

tomato42 referenced this pull request in tomato42/openssl May 24, 2015

Fix issue #6 (speed test doesn't show ChaCha20)

d7e8153

Reformatted parts of code according to new guidelines

oathupdate mentioned this pull request Apr 29, 2016

there is a core dump in openss 1.0.1 e #1010

Closed

elitetony mentioned this pull request Jun 13, 2016

openssl-1.1.0-pre5 coredumped #1205

Closed

maybeonly mentioned this pull request Sep 8, 2016

pthread_rwlock_wrlock crash for NULL pointer #1553

Closed

tmshort mentioned this pull request Sep 27, 2016

Failed tests on OpenSSL 1.1.0b with enable-ec_nistp_64_gcc_128 and/or enable-ssl-trace #1623

Closed

glftpd mentioned this pull request Nov 12, 2016

openssl version command hangs with 1.1.0c and no-dso option #1899

Closed

rainerjung mentioned this pull request Mar 19, 2017

Crash in test during ossltest_destroy() for OpenSSL 1.1.0e on Linux x86_64. #2987

Closed

lyuboasenov mentioned this pull request Apr 26, 2017

X509_sign fails with segmentation fault #3315

Closed

eastyu mentioned this pull request Jun 17, 2017

SSL_CTX_new function call makes a segment fault #3706

Closed

lonewasp mentioned this pull request Jun 20, 2017

SIGSEGV in subcall from FIPS_drbg_generate() #3721

Closed

caikun mentioned this pull request Jul 20, 2017

ssleay_rand_bytes get the Arithmetic exception crash #3978

Closed

wangle6 mentioned this pull request Nov 22, 2017

BUG: The concurrency of settimeofday and ssh connect would lead to coredump #4772

Closed

obisluo mentioned this pull request Jan 11, 2018

deadlock between ssl23_accept () and ssl23_connect () #5062

Closed

sureshyadagari mentioned this pull request Feb 22, 2018

Memory corruption in ssl_lib.c while getting cipher_list from SSL_get_ciphers() function #5435

Closed

bennyg12 mentioned this pull request May 24, 2018

TLS connect failed with "SSL3_GET_RECORD:decryption failed or bad record mac" #6348

Closed

RuurdBeerstra mentioned this pull request Jan 16, 2019

data race in x509 check code #7656 #8031

Closed

chensqecc mentioned this pull request Feb 26, 2019

some doubt about register ssl obj to X509_STORE_CTX in SSL handshake step. #8337

Closed

ttandqq mentioned this pull request May 28, 2019

OPENSSL_cleanup core #9023

Closed

This was referenced Jul 24, 2019

ThreadSanitizer reports lock-order-inversion in evp_extra_test #9454

Closed

ThreadSanitizer reports recursive lock overflow caused by impl_cache_flush_cache() #9455

Closed

raniervf mentioned this pull request Aug 10, 2019

Memory leaks report by Dr.Memory Windows (OpenSSL-1.1.1c) #6 #9564

Closed

mspncp mentioned this pull request Aug 14, 2019

Remove the context lock. #9513

Closed

2 tasks

nitinmaru mentioned this pull request Aug 21, 2019

arm64 openssl programm is blocking when i call SSL_connect #9641

Closed

dlegaultbbry mentioned this pull request Sep 16, 2019

shlibload test failure in atexit handlers #9914

Closed

anil9811 mentioned this pull request Sep 27, 2024

Openssl API "X509_verify_cert" is failing with openssl3.0 but working in openssl1.1.1. Can we know reasons why it is failing in openssl3.0? #25555

Open

uchina1 mentioned this pull request Dec 5, 2024

Segmentation fault in X509_ACERT_sign_ctx #26107

Closed

AustrianSimon mentioned this pull request May 5, 2025

tls_client_method and sendmail/STARTTLS not working on a number of mail servers with TLS1.2 and TLS1.1 #27557

Open

wangzengliang123 mentioned this pull request May 16, 2025

When multiple engines are loaded, the last engine fails to be loaded, and only the destroy function of the first engine is invoked. #27633

Closed

npajkovsky mentioned this pull request Jul 29, 2025

Pairwise check for EC keys import as part of FIPS #28114

Closed

Anveena mentioned this pull request Sep 10, 2025

QUIC: Double-free in error handling when connection reset with multiple connections #28501

Closed

nhorman mentioned this pull request Sep 24, 2025

Fix heap buffer overflow in krb5kdf #28656

Closed

lan1120 mentioned this pull request Jan 15, 2026

BIO_set_data() causes crash #29645

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Openssl102 #6

Openssl102 #6

Uh oh!

trevp commented Jun 26, 2013

Uh oh!

benlaurie commented Sep 10, 2013

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Openssl102 #6

Openssl102 #6

Uh oh!

Conversation

trevp commented Jun 26, 2013

Uh oh!

benlaurie commented Sep 10, 2013

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants