NetBSD Problem Report #47908

From www@NetBSD.org  Fri Jun  7 20:13:35 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 8A80A71B42
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  7 Jun 2013 20:13:35 +0000 (UTC)
Message-Id: <20130607201333.EE2A371B65@mollari.NetBSD.org>
Date: Fri,  7 Jun 2013 20:13:33 +0000 (UTC)
From: gary_grebus@dell.com
Reply-To: gary_grebus@dell.com
To: gnats-bugs@NetBSD.org
Subject: OpenSSL SSL connection fails with unaligned access error with SHA256
X-Send-Pr-Version: www-1.0

>Number:         47908
>Category:       lib
>Synopsis:       OpenSSL SSL connection fails with unaligned access error with SHA256
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 07 20:15:00 +0000 2013
>Last-Modified:  Sat Jun 08 20:59:21 +0000 2013
>Originator:     Gary Grebus
>Release:        5.0_STABLE
>Organization:
Dell Inc.
>Environment:
NetBSD kirt4 5.0_STABLE NetBSD 5.0_STABLE (EQL.PSS) #0: Thu Jun  6 14:52:36 EDT 2013  gary_grebus@ggrebus:/b/sb/bin/destdir.sbmips.64.release/EQL.PSS.64 sbmips

>Description:
An OpenSSL SSL connection fails with an unaligned access error
(SIGBUS) while performing a SHA256_Transform() operation.  This occurred on a
NetBSD 5.0_STABLE system running on MIPS architecture:

netmgtd: ELF 32-bit N32 LSB MIPS32 executable, MIPS, version 1 (SYSV),
for NetBSD, dynamically linked (uses shared libs)


The stack backtrace shows that _SHA256_Transform is in fact trying to
access unaligned data:

#0  _SHA256_Transform (context=0x69fff580, data=0x77d4004b)
    at ../../../../../../NetBSD/src/lib/libc/../../common/lib/libc/hash/sha2/sha2.c:427
#1  0x784c748c in ssl3_cbc_digest_record (ctx=0x69fff750, md_out=0x69fff7e0 "", 
    md_out_size=0x69fff730, header=0x69fff740 "", 
    data=0x77d40018 "GET /logo.png HTTP/1.1\r\nAccept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5\r\nReferer: https://[fc00:2496::10:124:111:141]/welcome.html\r\nAccept-Language: en-US\r\nUser-Agent: Mozilla/5.0 (compatib"..., data_plus_mac_size=<optimized out>, 
    data_plus_mac_plus_padding_size=<optimized out>, 
    mac_secret=0x77d73814 "\351\275A\324\370$P\022?\316?!x\207Sg[\a\246\070S\204{H^\373$\362\345f)l", mac_secret_length=32, is_sslv3=0 '\000')
    at ../../../../../../NetBSD/src/crypto/dist/openssl/ssl/s3_cbc.c:662
#2  0x784bc5c8 in tls1_mac (ssl=0x77d60160, md=0x69fff7e0 "", send=0)
    at ../../../../../../NetBSD/src/crypto/dist/openssl/ssl/t1_enc.c:1019
#3  0x784c3b58 in ssl3_get_record (s=0x77d60160)
    at ../../../../../../NetBSD/src/crypto/dist/openssl/ssl/s3_pkt.c:469
#4  ssl3_read_bytes (s=0x77d60160, type=23, 
    buf=0x77d74800 "GET /welcome.html HTTP/1.1\r\nAccept: text/html, application/xhtml+xml, */*\r\nUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\r\nAccept-Encoding: gzip, deflate\r\nCookie: p"..., len=1, peek=0)
    at ../../../../../../NetBSD/src/crypto/dist/openssl/ssl/s3_pkt.c:1006
#5  0x784c92e8 in ssl3_read_internal (s=0x77d60160, buf=0x77d74800, len=1, peek=0)
    at ../../../../../../NetBSD/src/crypto/dist/openssl/ssl/s3_lib.c:4207
#6  0x10095874 in EQL_generic_SocketRead (sock=<optimized out>, 
    pBuf=0x77d74800 "GET /welcome.html HTTP/1.1\r\nAccept: text/html, application/xhtml+xml, */*\r\nUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\r\nAccept-Encoding: gzip, deflate\r\nCookie: p"..., BufSize=1)
    at ../../../../../../../../../../NetBSD/src/EQL/netmgt/RC/src/equallogic/cli/ssl_utils.c:655
#7  0x10053c5c in REQUEST_Construct (sock=26, pp_envInit=0x69fffb50)
    at ../../../../../../../../../../NetBSD/src/EQL/netmgt/RC/src/rli_code/wcontrol/rcw_request.c:600

... etc ..

src/common/lib/libc/hash/sha2/sha2.c

426:	do {
427:		W256[j] = be32toh(*data);
428:		++data;


src/crypto/dist/openssl/ssl/s3_cbc.c:662

661		for (i = 1; i < k/md_block_size; i++)
662			md_transform(md_state.c, data + md_block_size*i - 13);
663		}


The underlying cause is that on NetBSD, the OpenSSL build does not use
the OpenSSL implementation of SHA256, but rather uses the above
version from libc.  The OpenSSL version correctly handles unaligned
accesses, while the NetBSD libc implementation does not.  I confirmed
this by rebuilding my code to reference the OpenSSL version of 
SHA256_Transform() from  /src/crypto/dist/openssl/crypto/sha/sha256.c.
Doing so fixed the unaligned access. 

SHA256_Transform() is effectively an internal OpenSSL API so it
shouldn't be replaced with a different implementation with different behavior.
It appears that all the SHA-2 hashes (SHA256, SHA384, SHA512) will
suffer from this problem.

>How-To-Repeat:
We've observed this problem consistently with our SSL based application, but I have no portable way to demonstrate it.
>Fix:
The description above gives what I believe to be the underlying cause.  Restoring OpenSSL to use its original SHA256_Transform() resolves the problem, but I don't know the best solution to avoid the name conflicts
between libc and OpenSSL without modifying OpenSSL.

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/47908 CVS commit: src/common/lib/libc/hash/sha2
Date: Fri, 7 Jun 2013 18:40:34 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Fri Jun  7 22:40:34 UTC 2013

 Modified Files:
 	src/common/lib/libc/hash/sha2: sha2.c

 Log Message:
 PR/47908: Gary Grebus: SHA256_Transform and SHA512_Transform are called
 by openssl with unaligned buffers. All other Transforms can handle unaligned
 buffers so make these handle them too.
 XXX[1]: any better fixes are welcome
 XXX[2]: pullup-5, pullup-6


 To generate a diff of this commit:
 cvs rdiff -u -r1.21 -r1.22 src/common/lib/libc/hash/sha2/sha2.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Responsible-Changed-From-To: pkg-manager->lib-bug-people
Responsible-Changed-By: hauke@NetBSD.org
Responsible-Changed-When: Sat, 08 Jun 2013 20:59:21 +0000
Responsible-Changed-Why:
This issue is about NetBSD libraries, and has nothing to do 
with pkgsrc.
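
The following is an added example, not part of the problem report and not the change committed to sha2.c. It checks the pointer arithmetic from s3_cbc.c line 662 against the addresses in the backtrace and shows a byte-wise big-endian load that is safe at any alignment. The helper names (is_aligned32, cbc_block_addr, load_be32, load_block) and the sample buffer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SHA256_BLOCK 64   /* md_block_size for SHA-256 */

/* Nonzero if addr may be dereferenced as a uint32_t on strict-alignment CPUs. */
static int is_aligned32(uintptr_t addr)
{
    return (addr % sizeof(uint32_t)) == 0;
}

/* Address handed to md_transform() for block i, per s3_cbc.c line 662. */
static uintptr_t cbc_block_addr(uintptr_t data, unsigned i)
{
    return data + (uintptr_t)SHA256_BLOCK * i - 13;
}

/* Alignment-safe big-endian load: reads bytes, never casts to uint32_t *. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Fill the first 16 message-schedule words from an arbitrarily aligned block. */
static void load_block(uint32_t W[16], const uint8_t *block)
{
    for (size_t j = 0; j < 16; j++)
        W[j] = load_be32(block + 4 * j);
}

int main(void)
{
    /* Constructed sample record: bytes 0,1,2,... in a 4-byte-aligned buffer. */
    static uint32_t backing[64];
    uint8_t *rec = (uint8_t *)backing;
    uint32_t W[16];
    for (size_t n = 0; n < sizeof(backing); n++)
        rec[n] = (uint8_t)n;

    /* data pointer from frame #1 of the backtrace, block i = 1. */
    uintptr_t a = cbc_block_addr((uintptr_t)0x77d40018u, 1);
    printf("block addr 0x%lx aligned=%d\n", (unsigned long)a, is_aligned32(a));

    load_block(W, rec + SHA256_BLOCK - 13);   /* offset 51: misaligned */
    printf("W[0]=0x%08x W[15]=0x%08x\n", (unsigned)W[0], (unsigned)W[15]);
    return 0;
}
```

Because 13 is odd, a 4-byte-aligned record buffer always yields a misaligned block pointer here, which is why the failure was consistent rather than intermittent.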


>Unformatted:
