Hide Forgot
Description of problem: When running `openssl s_server -dtls1` in FIPS mode, the server crashes after accepting the first connection Version-Release number of selected component (if applicable): openssl-1.0.1e-13.el6.x86_64 How reproducible: always Steps to Reproduce: 1. openssl req -nodes -x509 -new -out server.pem -keyout server.key -days 365 -subj "/C=XX/ST=mystate/L=mytown/O=myorganisation/OU=myou/CN=myname/emailAddress=myemail/" 2. OPENSSL_FORCE_FIPS_MODE=1 openssl s_server -accept 4433 -dtls1 -cert server.pem -key server.key 3. openssl s_client -dtls1 -connect localhost:4433 Actual results: Using default temp DH parameters Using default temp ECDH parameters ACCEPT Segmentation fault (core dumped) Expected results: Connection accepted, cipher negotiated, communication possible. Additional info: gdb stacktrace: [root@rhel6-64 test]# OPENSSL_FORCE_FIPS_MODE=1 gdb --args openssl s_server -accept 4433 -dtls1 -cert server.pem -key server.key GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6) Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/bin/openssl...Reading symbols from /usr/lib/debug/usr/bin/openssl.debug...done. done. (gdb) run Starting program: /usr/bin/openssl s_server -accept 4433 -dtls1 -cert server.pem -key server.key [Thread debugging using libthread_db enabled] Using default temp DH parameters Using default temp ECDH parameters ACCEPT Program received signal SIGSEGV, Segmentation fault. 0x0000000000000000 in ?? () Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6.x86_64 libcom_err-1.41.12-14.el6.x86_64 libselinux-2.0.94-5.3.el6.x86_64 zlib-1.2.3-29.el6.x86_64 (gdb) bt #0 0x0000000000000000 in ?? () #1 0x00007ffff7dbe338 in dtls1_send_server_key_exchange (s=0x760aa0) at d1_srvr.c:1378 #2 0x00007ffff7dbf7f0 in dtls1_accept (s=0x760aa0) at d1_srvr.c:488 #3 0x0000000000439c06 in init_ssl_connection (con=0x760aa0) at s_server.c:2415 #4 0x000000000043a27c in sv_body (hostname=<value optimized out>, s=7, context=<value optimized out>) at s_server.c:2310 #5 0x000000000044cf9a in do_server (port=0x7fffffffe6b6 "4433", type=2, ret=0x67cf98, cb=0x43a0b0 <sv_body>, context=0x0) at s_socket.c:324 #6 0x0000000000438ec7 in s_server_main (argc=0, argv=0x7fffffffe430) at s_server.c:1901 #7 0x0000000000417018 in do_cmd (prog=0x698490, argc=8, argv=0x7fffffffe3f0) at openssl.c:489 #8 0x0000000000417a93 in main (Argc=8, Argv=0x7fffffffe3f0) at openssl.c:381 (gdb) quit A debugging session is active. Inferior 1 [process 11826] will be killed. Quit anyway? (y or n) y This blocks QE from verifying that there is no regression for CVE-2012-2333-record-length-handling-integer-underflow. The problem itself is a regression from openssl-1.0.0-27.el6_4.2.x86_64
I did not hunt for acks on this one and just committed the fix as it is trivial. Can we close this as duplicate of the rebase bug?
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1585.html