Add OPENSSL_HAS_QUIC define #3
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Inverse of the OPENSSL_NO_QUIC, the OPENSSL_HAS_QUIC is only defined when QUIC is available.
|
I like the idea; but there are currently no There really is no good way to detect if the QUIC API is available; there's no other #define to check against. |
|
What about extending the 't' query values for https://www.openssl.org/docs/man1.1.1/man3/OpenSSL_version.html |
|
I see this as more of a compile-time vs run-time check. @jasnell ? |
Starting to like this idea a bit more. The #define can be used as a compile-time check, the call a run-time check. |
|
See #4 (for 3.0.0, equivalent would be done for 1.1.1) |
|
Yep, it's a compile time check. Essentially, for Node.js, we have folks that are going to be building Node.js using the upstream openssl/openssl and I want a very simple |
|
See #6 for 1.1.1 version. Same #define, but new functions were introduced in 3.0... |
tmshort
added a commit
that referenced
this pull request
Mar 18, 2021
tmshort
added a commit
that referenced
this pull request
Apr 9, 2021
tmshort
added a commit
that referenced
this pull request
Apr 22, 2021
tmshort
added a commit
that referenced
this pull request
May 11, 2021
tmshort
added a commit
that referenced
this pull request
May 24, 2021
tmshort
added a commit
that referenced
this pull request
Jun 19, 2021
tmshort
added a commit
that referenced
this pull request
Jul 29, 2021
tmshort
added a commit
that referenced
this pull request
Sep 7, 2021
tmshort
pushed a commit
that referenced
this pull request
Dec 14, 2021
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
#2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16
#3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15
#4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10
#5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22
#6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
#7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
#8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
#9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
#10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
#12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#16813)
(cherry picked from commit 74b4858)
tmshort
pushed a commit
that referenced
this pull request
Dec 14, 2021
Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
#2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11
#3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45
#4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
#5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
#6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
#7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
#8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
#10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#16813)
(cherry picked from commit 19b30f1)
tmshort
added a commit
that referenced
this pull request
Dec 14, 2021
tmshort
added a commit
that referenced
this pull request
Mar 15, 2022
tmshort
added a commit
that referenced
this pull request
Mar 15, 2022
tmshort
added a commit
that referenced
this pull request
May 3, 2022
tmshort
pushed a commit
that referenced
this pull request
Jun 21, 2022
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18360)
(cherry picked from commit 557825a)
tmshort
pushed a commit
that referenced
this pull request
Jun 21, 2022
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#18366)
(cherry picked from commit 22a96c6)
tmshort
pushed a commit
that referenced
this pull request
Jun 21, 2022
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#18371)
(cherry picked from commit b7e28c0)
wbl
pushed a commit
that referenced
this pull request
Oct 24, 2023
tmshort
added a commit
that referenced
this pull request
Oct 26, 2023
wbl
pushed a commit
that referenced
this pull request
Jan 30, 2024
if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23365)
(cherry picked from commit ff78d94)
wbl
pushed a commit
that referenced
this pull request
Jan 30, 2024
fake_now in the quictestlib is read/written by potentially many threads, and as such should have a surrounding lock to prevent WAR/RAW errors as caught by tsan: 2023-11-03T16:27:23.7184999Z ================== 2023-11-03T16:27:23.7185290Z WARNING: ThreadSanitizer: data race (pid=18754) 2023-11-03T16:27:23.7185720Z Read of size 8 at 0x558f6f9fe970 by main thread: 2023-11-03T16:27:23.7186726Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7187665Z #1 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7188567Z #2 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7189561Z #3 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190294Z #4 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190720Z 2023-11-03T16:27:23.7190902Z Previous write of size 8 at 0x558f6f9fe970 by thread T1: 2023-11-03T16:27:23.7191607Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aecf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7192505Z #1 run_server_thread quictestlib.c (quicapitest+0x14b1d6) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193361Z #2 thread_run quictestlib.c (quicapitest+0x14cadf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193848Z 2023-11-03T16:27:23.7194220Z Location is global 'fake_now.0' of size 8 at 0x558f6f9fe970 (quicapitest+0x1af4970) 2023-11-03T16:27:23.7194636Z 2023-11-03T16:27:23.7194816Z Thread T1 (tid=18760, running) created by main thread at: 2023-11-03T16:27:23.7195465Z #0 pthread_create <null> (quicapitest+0xca12d) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7196317Z #1 qtest_create_quic_connection_ex <null> (quicapitest+0x14adcb) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7197214Z #2 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198111Z #3 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198940Z #4 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7199661Z #5 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7200083Z 2023-11-03T16:27:23.7200862Z SUMMARY: ThreadSanitizer: data race (/home/runner/work/openssl/openssl/test/quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) in qtest_create_quic_connection_ex Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#22616)
wbl
pushed a commit
that referenced
this pull request
Jan 30, 2024
Sometimes the error handling returns an ASN1_STRING
object in *out although that was not passed in by the
caller, and sometimes the error handling deletes the
ASN1_STRING but forgets to clear the *out parameter.
Therefore the caller has no chance to know, if the leaked
object in *out shall be deleted or not.
This may cause a use-after-free error e.g. in asn1_str2type:
==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0
READ of size 8 at 0x603000073280 thread T0
#0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354
#1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204
#2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199
#3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20
#4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740
#5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137
#6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#14 0x564ed19d5f25 in req_main apps/req.c:806
#15 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#16 0x564ed1985165 in main apps/openssl.c:183
#17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
#18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd)
0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288)
freed by thread T0 here:
#0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311
#2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300
#3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191
#4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
#5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
#6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
#7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#15 0x564ed19d5f25 in req_main apps/req.c:806
#16 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#17 0x564ed1985165 in main apps/openssl.c:183
#18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
#0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221
#2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198
#3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236
#4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150
#6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
#7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
#8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
#9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#17 0x564ed19d5f25 in req_main apps/req.c:806
#18 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#19 0x564ed1985165 in main apps/openssl.c:183
#20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23138)
wbl
pushed a commit
that referenced
this pull request
Jan 30, 2024
if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23365)
wbl
pushed a commit
that referenced
this pull request
Jan 30, 2024
if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23365)
(cherry picked from commit ff78d94)
wbl
pushed a commit
that referenced
this pull request
Jan 30, 2024
fake_now in the quictestlib is read/written by potentially many threads, and as such should have a surrounding lock to prevent WAR/RAW errors as caught by tsan: 2023-11-03T16:27:23.7184999Z ================== 2023-11-03T16:27:23.7185290Z WARNING: ThreadSanitizer: data race (pid=18754) 2023-11-03T16:27:23.7185720Z Read of size 8 at 0x558f6f9fe970 by main thread: 2023-11-03T16:27:23.7186726Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7187665Z #1 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7188567Z #2 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7189561Z #3 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190294Z #4 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7190720Z 2023-11-03T16:27:23.7190902Z Previous write of size 8 at 0x558f6f9fe970 by thread T1: 2023-11-03T16:27:23.7191607Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aecf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7192505Z #1 run_server_thread quictestlib.c (quicapitest+0x14b1d6) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193361Z #2 thread_run quictestlib.c (quicapitest+0x14cadf) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7193848Z 2023-11-03T16:27:23.7194220Z Location is global 'fake_now.0' of size 8 at 0x558f6f9fe970 (quicapitest+0x1af4970) 2023-11-03T16:27:23.7194636Z 2023-11-03T16:27:23.7194816Z Thread T1 (tid=18760, running) created by main thread at: 2023-11-03T16:27:23.7195465Z #0 pthread_create <null> (quicapitest+0xca12d) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7196317Z #1 qtest_create_quic_connection_ex <null> (quicapitest+0x14adcb) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7197214Z #2 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198111Z #3 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7198940Z #4 run_tests <null> (quicapitest+0x2237ab) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7199661Z #5 main <null> (quicapitest+0x223d2b) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) 2023-11-03T16:27:23.7200083Z 2023-11-03T16:27:23.7200862Z SUMMARY: ThreadSanitizer: data race (/home/runner/work/openssl/openssl/test/quicapitest+0x14aead) (BuildId: d06f7b04830b55de9c8482b398a1781472d1c7d5) in qtest_create_quic_connection_ex Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#22616) (cherry picked from commit 11179b3)
wbl
pushed a commit
that referenced
this pull request
Jan 30, 2024
Sometimes the error handling returns an ASN1_STRING
object in *out although that was not passed in by the
caller, and sometimes the error handling deletes the
ASN1_STRING but forgets to clear the *out parameter.
Therefore the caller has no chance to know, if the leaked
object in *out shall be deleted or not.
This may cause a use-after-free error e.g. in asn1_str2type:
==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0
READ of size 8 at 0x603000073280 thread T0
#0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354
#1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204
#2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199
#3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20
#4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740
#5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137
#6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#14 0x564ed19d5f25 in req_main apps/req.c:806
#15 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#16 0x564ed1985165 in main apps/openssl.c:183
#17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
#18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd)
0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288)
freed by thread T0 here:
#0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311
#2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300
#3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191
#4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
#5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
#6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
#7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#15 0x564ed19d5f25 in req_main apps/req.c:806
#16 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#17 0x564ed1985165 in main apps/openssl.c:183
#18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
#0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221
#2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198
#3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236
#4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150
#6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
#7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
#8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
#9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#17 0x564ed19d5f25 in req_main apps/req.c:806
#18 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#19 0x564ed1985165 in main apps/openssl.c:183
#20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23138)
(cherry picked from commit 73ebaac)
wbl
pushed a commit
that referenced
this pull request
Jan 30, 2024
if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23365)
(cherry picked from commit ff78d94)
wbl
pushed a commit
that referenced
this pull request
Jan 30, 2024
tmshort
added a commit
that referenced
this pull request
Jan 30, 2024
tmshort
added a commit
that referenced
this pull request
Jan 30, 2024
Lycs-D
pushed a commit
to web-ngx/quictls
that referenced
this pull request
May 29, 2024
Fixes quictls#2 and quictls#3 and quictls#22 Updates `Configure` script to disable QUIC with `no-bulk` and `no-ec` Updates build.info doc docs Fixes an issue with extension defintions and `no-quic`
Lycs-D
pushed a commit
to web-ngx/quictls
that referenced
this pull request
Jun 3, 2024
Fixes quictls#2 and quictls#3 and quictls#22 Updates `Configure` script to disable QUIC with `no-bulk` and `no-ec` Updates build.info doc docs Fixes an issue with extension defintions and `no-quic`
xl32
pushed a commit
to xl32/openssl
that referenced
this pull request
Jun 6, 2024
Fixes quictls#2 and quictls#3 and quictls#22 Updates `Configure` script to disable QUIC with `no-bulk` and `no-ec` Updates build.info doc docs Fixes an issue with extension defintions and `no-quic`
xl32
pushed a commit
to xl32/openssl
that referenced
this pull request
Jun 6, 2024
Fixes quictls#2 and quictls#3 and quictls#22 Updates `Configure` script to disable QUIC with `no-bulk` and `no-ec` Updates build.info doc docs Fixes an issue with extension defintions and `no-quic`
xl32
pushed a commit
to xl32/openssl
that referenced
this pull request
Jun 7, 2024
Fixes quictls#2 and quictls#3 and quictls#22 Updates `Configure` script to disable QUIC with `no-bulk` and `no-ec` Updates build.info doc docs Fixes an issue with extension defintions and `no-quic`
wbl
pushed a commit
that referenced
this pull request
Jun 12, 2024
The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) #2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#24295) (cherry picked from commit af75373)
wbl
pushed a commit
that referenced
this pull request
Jun 12, 2024
The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) #2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#24295) (cherry picked from commit af75373)
wbl
pushed a commit
that referenced
this pull request
Jun 12, 2024
The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) #2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#24295)
tmshort
added a commit
that referenced
this pull request
Aug 12, 2024
tmshort
added a commit
that referenced
this pull request
Aug 14, 2024
wbl
pushed a commit
that referenced
this pull request
Sep 3, 2024
Running the x509_req_test with address sanitizer shows a memory leak:
==186455==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 53 byte(s) in 1 object(s) allocated from:
#0 0x3ffad5f47af in malloc (/lib64/libasan.so.8+0xf47af) (BuildId: 93b3d2536d76f772a95880d76c746c150daabbee)
#1 0x3ffac4214fb in CRYPTO_malloc crypto/mem.c:202
#2 0x3ffac421759 in CRYPTO_zalloc crypto/mem.c:222
#3 0x100e58f in test_mk_file_path test/testutil/driver.c:450
#4 0x1004671 in test_x509_req_detect_invalid_version test/x509_req_test.c:32
#5 0x100d247 in run_tests test/testutil/driver.c:342
#6 0x10042e3 in main test/testutil/main.c:31
#7 0x3ffaad34a5b in __libc_start_call_main (/lib64/libc.so.6+0x34a5b) (BuildId: 461b58df774538594b6173825bed67a9247a014d)
#8 0x3ffaad34b5d in __libc_start_main@GLIBC_2.2 (/lib64/libc.so.6+0x34b5d) (BuildId: 461b58df774538594b6173825bed67a9247a014d)
#9 0x1004569 (/root/openssl/test/x509_req_test+0x1004569) (BuildId: ab6bce0e531df1e3626a8f506d07f6ad7c7c6d57)
SUMMARY: AddressSanitizer: 53 byte(s) leaked in 1 allocation(s).
The certFilePath that is obtained via test_mk_file_path() must be freed when
no longer used.
While at it, make the certFilePath variable a local variable, there is no need
to have this a global static variable.
Fixes: openssl@7d2c0a4
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#24715)
wbl
pushed a commit
that referenced
this pull request
Sep 3, 2024
Sometimes the error handling returns an ASN1_STRING
object in *out although that was not passed in by the
caller, and sometimes the error handling deletes the
ASN1_STRING but forgets to clear the *out parameter.
Therefore the caller has no chance to know, if the leaked
object in *out shall be deleted or not.
This may cause a use-after-free error e.g. in asn1_str2type:
==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0
READ of size 8 at 0x603000073280 thread T0
#0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354
#1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204
#2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199
#3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20
#4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740
#5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137
#6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#14 0x564ed19d5f25 in req_main apps/req.c:806
#15 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#16 0x564ed1985165 in main apps/openssl.c:183
#17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
#18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd)
0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288)
freed by thread T0 here:
#0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311
#2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300
#3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191
#4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
#5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
#6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
#7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#15 0x564ed19d5f25 in req_main apps/req.c:806
#16 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#17 0x564ed1985165 in main apps/openssl.c:183
#18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
#0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221
#2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198
#3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236
#4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150
#6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
#7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
#8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
#9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#17 0x564ed19d5f25 in req_main apps/req.c:806
#18 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#19 0x564ed1985165 in main apps/openssl.c:183
#20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23165)
wbl
pushed a commit
that referenced
this pull request
Sep 3, 2024
Sometimes the error handling returns an ASN1_STRING
object in *out although that was not passed in by the
caller, and sometimes the error handling deletes the
ASN1_STRING but forgets to clear the *out parameter.
Therefore the caller has no chance to know, if the leaked
object in *out shall be deleted or not.
This may cause a use-after-free error e.g. in asn1_str2type:
==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0
READ of size 8 at 0x603000073280 thread T0
#0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354
#1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204
#2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199
#3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20
#4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740
#5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137
#6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#14 0x564ed19d5f25 in req_main apps/req.c:806
#15 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#16 0x564ed1985165 in main apps/openssl.c:183
#17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
#18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd)
0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288)
freed by thread T0 here:
#0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311
#2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300
#3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191
#4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
#5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
#6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
#7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#15 0x564ed19d5f25 in req_main apps/req.c:806
#16 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#17 0x564ed1985165 in main apps/openssl.c:183
#18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
#0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221
#2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198
#3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236
#4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150
#6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
#7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
#8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
#9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
#10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
#11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
#12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
#13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
#14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
#15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
#16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
#17 0x564ed19d5f25 in req_main apps/req.c:806
#18 0x564ed19b8de0 in do_cmd apps/openssl.c:564
#19 0x564ed1985165 in main apps/openssl.c:183
#20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23165)
(cherry picked from commit dfa1e49)
wbl
pushed a commit
that referenced
this pull request
Sep 3, 2024
wbl
pushed a commit
that referenced
this pull request
Sep 3, 2024
xl32
pushed a commit
to xl32/openssl
that referenced
this pull request
Sep 4, 2024
Fixes quictls#2 and quictls#3 and quictls#22 Updates `Configure` script to disable QUIC with `no-bulk` and `no-ec` Updates build.info doc docs Fixes an issue with extension defintions and `no-quic`
tmshort
added a commit
that referenced
this pull request
Sep 12, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Inverse of the OPENSSL_NO_QUIC, the OPENSSL_HAS_QUIC is only defined when QUIC is available.
This would also need to be applied to the 3.0.0 branch.
I have (as of today) signed and submitted the OpenSSL CLA.
Checklist