Closed Bug 675876 Opened 13 years ago Closed 6 months ago

Crash in PORT_Assert(!ss->xtnData.sniNameArr); in debug build only

Categories

(NSS :: Libraries, defect, P5)

Product:
NSS
Component:
Libraries
Version:
3.12.10
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INACTIVE

People

(Reporter: u238590, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(5 files)

Server code to generate the core dump
8.75 KB, text/plain
Details
Attaching rough patch given by Alexei (not ready for review)
14.84 KB, patch
julien.pierre
: review-
Details | Diff | Splinter Review
Patch v1 - set up socket for the negotiated name before checking cache
17.21 KB, patch
Details | Diff | Splinter Review
assert.cpp test program for crash as reported above
6.39 KB, text/plain
Details
NSS DBs for testing above crash
9.90 KB, application/octet-stream
Details 
I can reproduce a crash in PORT_Assert(!ss->xtnData.sniNameArr); 
http://mxr.mozilla.org/mozilla/source/security/nss/lib/ssl/sslsock.c#441

Attached is file my.cpp. 

To build it use the following Makefile :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$cat Makefile 
SECURITY_DIR=/share/builds/components/security/SECURITY_3.12.10_20110506/SunOS5.8_DBG.OBJ/
all:
        /usr/dist/share/sunstudio_sparc,v12.0/SUNWspro/bin/CC -g -I$(INCL_DIR) -I$(SECURITY_DIR)/include -L$(SECURITY_DIR)/lib -lnspr4 -lnss3 -lssl3 my.cpp

To create certs :
~~~~~~~~~~~~~~~
$certutil -N -d sql:.
$certutil -S -d sql:. -n ecccert -s "CN=www.ecc.com" -t "Cu,Cu,Cu" -k ec -q nistp256 -x -m 1343 -v 120 -5
$certutil -S -d sql:. -n rsacert -s "CN=www.rsa.com" -t "Cu,Cu,Cu" -x -v 120 -5

When it asks for input type
1     5      9    y

To run tests :
~~~~~~~~~~~~~~~
Server :
$./a.out 3333

Client :
$tstclnt -c :C00A -h hostname -d sql:. -o -p 3333 -2 -a www.abc.com < sni-abc.req 
tstclnt: write to SSL socket failed: Cannot communicate securely with peer: no common encryption algorithm(s).

Question is why when I have enabled that cipher in the server program?
cipher TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = { 0xC0, 0x0A } i.e. -c :C00A  

$cat sni-abc.req
GET /sec.html HTTP/1.1
Host: www.abc.com
Connection: close


core dump :
~~~~~~~~~~~~
$dbx a.out core.23855
t@1 (l@1) program terminated by signal ABRT (Abort)
0xfee4c95c: __lwp_kill+0x0008:  bcc,a,pt  %icc,__lwp_kill+0x18  ! 0xfee4c96c
Current function is PR_Assert
(dbx) where                                                                  
current thread: t@1
  [1] __lwp_kill(0x0, 0x6, 0x0, 0x6, 0xffbffeff, 0x0), at 0xfee4c95c 
  [2] raise(0x6, 0x0, 0x0, 0xfee2c1f8, 0xffffffff, 0x6), at 0xfede5d3c 
  [3] abort(0x0, 0x1, 0xfee2c1d4, 0xeea98, 0xfeeb3418, 0x0), at 0xfedc1a2c 
=>[4] PR_Assert(s = 0xff07a51c "!ss->xtnData.sniNameArr", file = 0xff07a534 "sslsock.c", ln = 441), line 577 in "prlog.c"
  [5] ssl_DestroySocketContents(ss = 0xffbfc8b0), line 441 in "sslsock.c"
  [6] ssl_FreeSocket(ss = 0x9d8c0), line 478 in "sslsock.c"
  [7] ssl_DefClose(ss = 0x9d8c0), line 233 in "ssldef.c"
  [8] ssl_SecureClose(ss = 0x9d8c0), line 1078 in "sslsecur.c"
  [9] ssl_Close(fd = 0x6af58), line 1572 in "sslsock.c"
  [10] PR_Close(fd = 0x6af58), line 136 in "priometh.c"
  [11] cleanup(fd = 0x6af58), line 228 in "my.cpp"
  [12] main(argc = 2, argv = 0xffbff95c), line 292 in "my.cpp"
Note that the same problem exists if only 1 ECC cert is added first on the socket. And client requests for RSA cert. That RSA cert is suposed to be returned by SNI Callback using SSL_ConfigureSecureServer. 

Here is what I think is happening : 
When a socket is configured with only one either ECC/RSA cert . Client sends request for the other one RSA/ECC.  We dynamically add the certificate in SNI callback using SSL_ConfigureSecureServer. But I think its too late. Even before that tstclnt gets the error.
Reason why tstclnt is getting "no common cipher ..." error is  : 

 In ssl3_HandleClientHello in file "ssl3con.c", NSS is calling this function  

    /* Disable any ECC cipher suites for which we have no cert. */  
    ssl3_FilterECCipherSuitesByServerCerts(ss);

see http://mxr.mozilla.org/mozilla/source/security/nss/lib/ssl/ssl3con.c#6190

Which disables all ECC ciphers if no ECC certs are registered with the socket  yet. 

We are not registering default ECC cert with this socket in the beginning. 

We add ECC cert when SNI callback is called later which is too late.

So for SNI to work, we must mandate that the users have to add atleast one cert of each type as the default cert in the beginning for all the certs of that type to work in SNI callback.
Also an assumption is made in function ssl3_config_match_init() that if the server cert of that type is already registered as a default certificate for that socket, then only set suite->isPresent flag true. 

http://mxr.mozilla.org/mozilla/source/security/nss/lib/ssl/ssl3con.c#695

 694         svrAuth = ss->serverCerts + exchKeyType;
...
 700         suite->isPresent = (PRBool)
 701         (((exchKeyType == kt_null) ||
 702            ((!isServer || (svrAuth->serverKeyPair &&
 703                            svrAuth->SERVERKEY &&
 704                    svrAuth->serverCertChain)) &&
 705             PK11_TokenExists(kea_alg_defs[exchKeyType]))) &&
 706         ((cipher_alg == calg_null) || PK11_TokenExists(cipher_mech)));
As far as core dump is concerned, 

    5966 ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
calls   ssl3_HandleHelloExtensions() where xtnData is populated as shown below :
 (dbx) p *xtnData
  *xtnData = {
     serverSenders           = (
     {
         sniNameArr              = 0x690a8
        sniNameArrSize          = 1U
     }
 (dbx) p *xtnData->sniNameArr
  *xtnData->sniNameArr = {
      type = siBuffer
      data = 0xa46c2 "www.abc.com"
      len  = 11U
 }
but in this case my program goes to alert_loser  
http://mxr.mozilla.org/mozilla/source/security/nss/lib/ssl/ssl3con.c#6287
    6286     errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
    6287     goto alert_loser;

Since it goes to alert_loser i.e. line 6655 , it skips lines where we are freeing this sniNameArr :

    6603         if (ss->xtnData.sniNameArr) {
    6604             PORT_Free(ss->xtnData.sniNameArr);
    6605             ss->xtnData.sniNameArr = NULL;
    6606             ss->xtnData.sniNameArrSize = 0;
    6607         }

in the end in my program, PR_Close()  calls ssl_DestroySocketContents() which calls  ssl_DestroyGather(). As you can see ssl_DestroyGather sets "www.abc.com" to "".

http://mxr.mozilla.org/mozilla/source/security/nss/lib/ssl/ssl3con.c#6287 
(dbx) n
t@1 (l@1) stopped in ssl_DestroySocketContents at line 411 in file "sslsock.c"
  411       ssl_DestroyGather(&ss->gs);
j = <not active>
*ss->xtnData.sniNameArr = {
    type = siBuffer
    data = 0xa46c2 "www.abc.com"
    len  = 11U
}
ss->xtnData.sniNameArrSize = 1U
(dbx) n
t@1 (l@1) stopped in ssl_DestroySocketContents at line 413 in file "sslsock.c"
  413       if (ss->peerID != NULL)
j = <not active>
*ss->xtnData.sniNameArr = {
    type = siBuffer
    data = 0xa46c2 ""
    len  = 11U
}
and then it dumps core at

t@1 (l@1) stopped in ssl_DestroySocketContents at line 441 in file "sslsock.c"
  441       PORT_Assert(!ss->xtnData.sniNameArr);
Attaching rough patch given by Alexei (not ready for review). There is one bug in this patch as given in https://bugzilla.mozilla.org/show_bug.cgi?id=693274#c2
Assertion happens during the restart due to incorrect setup of the socket when session info is taken from cache. The solution is to pre-configure socket with the sni callback before restring session info from the cache. It has minimum performance impact to restart.

This fix will also resolve the bug 693274
Attachment #567391 - Flags: review?(nelson)
Thanx Alexei for working in the weekend.
OS: Solaris → All
Hardware: Sun → All
Can you tell me which build tags should I use to check out NSS and NSPR to test this patch?

From what I see this patch is built on cvs revision 1.51
    https://bug675876.bugzilla.mozilla.org/attachment.cgi?id=567391&action=diff&collapsed=&context=patch&format=raw&headers=1
    See at the top.

From cvs stats it has one more version 1.52
    $cvs stat ssl3con.c
    ...
    revision 1.152
    date: 2011/10/01 03:59:54; author: bsmith%mozilla.com; state: Exp; lines: +68 -28   
    Bug 665814: Prevent chosen plaintext attacks on SSL 3.0 and TLS 1.0 connections, r=wtc, sr=rrelyea   
    ---------------------------- 
    revision 1.151    
    date: 2011/07/26 02:13:37;  author: wtc%google.com;  state: Exp; lines: +3 -4  
    Bug 673477: Expose the error code set by CERT_ExtractPublicKey in ssl3_VerifySignedHashes and ssl3_SendClientKeyExchange.  r=wtc.      
    ----------------------------

As per the graph http://bonsai.mozilla.org/cvsgraph.cgi?file=mozilla/security/nss/lib/ssl/ssl3con.c
1.51 was checked into NSS_3_13_BETA1
and 
1.52 was checked into NSS_3_13_RTM, NSS_3_13_RC0, NSS_3_13_BETA2, HEAD.
Alexei,
I patched these diffs on NSS 3.12 as shown below.

cvs -q -z3 co -P -r NSPR_4_8_9_RTM mozilla/nsprpub
cvs -q -z3 co -P -r NSS_3_12_BRANCH mozilla/dbm mozilla/security/dbm mozilla/security/coreconf mozilla/security/nss
cvs -q -z3 co -P -r NSS_3_11_1_RTM mozilla/security/nss/lib/freebl/ecl/ecl-curve.h
cd mozilla/security/nss
gmake nss_build_all NSS_ENABLE_ECC=1 NSS_ECC_MORE_THAN_SUITE_B=1 

Assert failures are gone. But the test program attached is failing. Can you please take a look? I am still getting in the client :

tstclnt: write to SSL socket failed: Cannot communicate securely with peer: no common encryption algorithm(s).
Alexei,
    Could this failure be due to the fact that  client uses v2 hello? if yes, how can I change the client code for testing? 
Regards, 
Meena
I tested with our server and tstclnt its working. So looks like the test program I attached was buggy. Please ignore my last two comments.
Alexei,
    This doesn't fix the reconfig Bug 693274 - "If SNI callback function returns a new cert for the same SNI name, SSL session cache returns the older cert by mistake"
I debugged what is happening in my test program, I saw

Its disabling ECC suites first sslecc.cpp file function ssl3_HandleSupportedCurvesXtn

1184 ssl3_DisableECCSuites(ss, ecdhe_ecdsa_suites);

STACK : 

(gdb) where
#0  ssl3_HandleSupportedCurvesXtn (ss=0x6a6280, ex_type=10, data=0x7fffffffd820) at ssl3ecc.c:1184
#1  0x00002aaaab0b18af in ssl3_HandleHelloExtensions (ss=0x6a6280, b=0x7fffffffd880,   length=0x7fffffffd87c) at ssl3ext.c:1384
#2  0x00002aaaab09e44b in ssl3_HandleClientHello (ss=0x6a6280, b=0x6adc6d "", length=6)  at ssl3con.c:6192
#3  0x00002aaaab0a3855 in ssl3_HandleHandshakeMessage (ss=0x6a6280,   b=0x6adbf4 "\003\001N\242\263h\313\372u0\263\234g\374\061\236\254\377\071+\260\224\373\315\036\224\300\273\027C\375I\330#", length=127) at ssl3con.c:8586
#4  0x00002aaaab0a3cee in ssl3_HandleHandshake (ss=0x6a6280, origBuf=0x6a65e8) at ssl3con.c:8721
#5  0x00002aaaab0a48ca in ssl3_HandleRecord (ss=0x6a6280, cText=0x7fffffffdbf0, databuf=0x6a65e8)   at ssl3con.c:9060
#6  0x00002aaaab0a5a65 in ssl3_GatherCompleteHandshake (ss=0x6a6280, flags=0) at ssl3gthr.c:209
#7  0x00002aaaab0a8694 in ssl_GatherRecord1stHandshake (ss=0x6a6280) at sslcon.c:1258
#8  0x00002aaaab0b4203 in ssl_Do1stHandshake (ss=0x6a6280) at sslsecur.c:151
#9  0x00002aaaab0b61cb in ssl_SecureRecv (ss=0x6a6280, buf=0x7fffffffe190 "", len=1024, flags=0)
    at sslsecur.c:1150
#10 0x00002aaaab0b6297 in ssl_SecureRead (ss=0x6a6280, buf=0x7fffffffe190 "", len=1024)   at sslsecur.c:1169
#11 0x00002aaaab0be4c2 in ssl_Read (fd=0x695250, buf=0x7fffffffe190, len=1024) at sslsock.c:1639
#12 0x00002aaaaaabc8e2 in PR_Read (fd=0x695250, buf=0x7fffffffe190, amount=1024)   at ../../../../pr/src/io/priometh.c:141
#13 0x0000000000401449 in readDataFromSocket (sslSocket=0x695250) at my.cpp:195
#14 0x00000000004014f7 in read_write (fd=0x695250) at my.cpp:228
#15 0x0000000000401bfa in main (argc=2, argv=0x7fffffffe778) at my.cpp:293

....

Later In
5874 static int
5875 ssl3_sniSocketConfig(sslSocket *ss, SSL3AlertDescription *desc,
5876                      int *errCode)

It calls SNI Callback function of my test program which returns 0 which is the index of SNI Names array

so it goes to
5928         } else if (ret < ss->xtnData.sniNameArrSize) {

It calls ssl3_config_match_init :

5964	    configedCiphers = ssl3_config_match_init(ss);

In this function I printed the cipher suite set unfortunately it contains only 5 enabled ciphers : 

 {{cipher_suite = 49162, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49172, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 136, policy = 1, enabled = 0,  isPresent = 0}, 
 {cipher_suite = 135, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 57, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 56, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49167, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49157, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 132, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 53, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49159, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49161, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49169,  policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49171, policy = 1, enabled = 0,  isPresent = 0}, 
 {cipher_suite = 69, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 68, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 102, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 51, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 50, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49164, policy = 1,  enabled = 0, isPresent = 0}, 
 {cipher_suite = 49166, policy = 1, enabled = 0, isPresent = 0},
 {cipher_suite = 49154, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49156, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 150, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 65, policy = 1, enabled = 0, isPresent = 0}, 
{cipher_suite = 4, policy = 1, enabled = 1, isPresent = 0}, 
 {cipher_suite = 5, policy = 1,  enabled = 0, isPresent = 0}, 
 {cipher_suite = 47, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49160, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49170,  policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 22, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 19, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49165, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49155, policy = 1, enabled = 0, isPresent = 0}, 
{cipher_suite = 65279, policy = 1, enabled = 1, isPresent = 0}, 
{cipher_suite = 10, policy = 1, enabled = 1, isPresent = 0}, 
 {cipher_suite = 21, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 18, policy = 1, enabled = 0, isPresent = 0}, 
{cipher_suite = 65278, policy = 1, enabled = 1, isPresent = 0}, 
{cipher_suite = 9, policy = 1, enabled = 1, isPresent = 0}, 
 {cipher_suite = 100, policy = 1,  enabled = 0, isPresent = 0},
 {cipher_suite = 98, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 3, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 6, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49158, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49168, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49163,  policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 49153, policy = 1, enabled = 0,  isPresent = 0}, 
 {cipher_suite = 2, policy = 1, enabled = 0, isPresent = 0}, 
 {cipher_suite = 1, policy = 1, enabled = 0, isPresent = 0}}

When I printed out the details of these ciphers I got : 
cipher_suite #   bulk_cipher_alg   mac_alg       key_exchange_alg
             4        cipher_rc4   ssl_mac_md5   kea_rsa
         65279       cipher_3des   ssl_mac_sha   kea_rsa_fips
            10       cipher_3des   ssl_mac_sha   kea_rsa
         65278        cipher_des   ssl_mac_sha   kea_rsa_fips
             9        cipher_des   ssl_mac_sha   kea_rsa

As you can see no ECC ciphers are enabled in the above set so it eventually fails in

6423	    errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
6424	    goto alert_loser;

of lines ssl3_HandleClientHello.

Hope this helps to debug the reason why my test program doesn't work.
My guess is the cipher in my test case and curve do not match. I will fix my test case and let you know.
When I try the reverse case ECC in listen socket and RSA in SNI VS and passing -c c (RSA cipher) in the test client. That works. :-)

Even without SNI my test program crashes  in
    Assertion failure: numPresent > 0 || numEnabled == 0, at ssl3con.c:711
    Aborted
So confirms my belief about curve and cipher.

But when I test in Web Server, the same tstclnt, same NSS libraries, this works. wonder how. 

Here is ssltap output :
    --> [
    (136 bytes of 131)
    SSLRecord { [Mon Oct 24 08:36:09 2011]
       type    = 22 (handshake)
       version = { 3,1 }
       length  = 131 (0x83)
       handshake {
          type = 1 (client_hello)
          length = 127 (0x00007f)
             ClientHelloV3 {
                client_version = {3, 1}
   ...
                cipher_suites[2] = {
                    (0x00ff) TLS_EMPTY_RENEGOTIATION_INFO_SCSV
                    (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA
                }
                compression[1] = {
                    (00) NULL
                }
                extensions[82] = {
                  extension type server_name, length [16] = {
       0: 00 0e 00 00  0b 77 77 77  2e 61 62 63  2e 63 6f 6d  | .....www.abc.com
                  }
                  extension type elliptic_curves, length [52] = {
       0: 00 32 00 01  00 02 00 03  00 04 00 05  00 06 00 07  | .2..............
      10: 00 08 00 09  00 0a 00 0b  00 0c 00 0d  00 0e 00 0f  | ................
      20: 00 10 00 11  00 12 00 13  00 14 00 15  00 16 00 17  | ................
      30: 00 18 00 19                                         | ....
                  }
                  extension type ec_point_formats, length [2] = {
       0: 01 00                                               | ..
                  }
                }
             }
       }
    }
    ]
    <-- [
    (7 bytes of 2)
    SSLRecord { [Mon Oct 24 08:36:09 2011]
       type    = 21 (alert)
       version = { 3,1 }
       length  = 2 (0x2)
       fatal: handshake_failure
    }
    ]
...

My cert is :

    $certutil -L -d sql:. -n ecccert
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1343 (0x53f)
            Signature Algorithm: X9.62 ECDSA signature with SHA-1
            Issuer: "CN=www.abc.com"
            Validity:  Not Before: ...  Not After : ...
            Subject: "CN=www.abc.com"
            Subject Public Key Info:
                Public Key Algorithm: X9.62 elliptic curve public key
                    Args:   06:08:2a:86:48:ce:3d:03:01:07
                EC Public Key:
                    PublicValue:
                        04:fd:77:40:1e:8f:82:53:c2:b3:51:38:b1:dd:4f:14:
                        3f:96:e9:a8:ef:ae:f4:f4:cb:3f:63:38:5d:68:69:12:
                        33:a0:ce:ac:21:0c:96:e7:4b:b3:d2:c0:29:db:8c:92:
                        32:cc:72:f0:06:73:7b:ec:90:d4:04:35:e4:cf:0c:b3:
                        e2
                    Curve: ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)
            Signed Extensions:  Name: Certificate Type   Critical: True   Data: <SSL Server,SSL CA>
        Signature Algorithm: X9.62 ECDSA signature with SHA-1
        Signature:
  ...
Meena,

Exactly how did you trigger another assertion ? Please detail what the test case is.
Comment on attachment 566166 [details] [diff] [review]
Attaching rough patch given by Alexei (not ready for review)

Review of attachment 566166 [details] [diff] [review]:
-----------------------------------------------------------------

This patch was reportedly not working.
Attachment #566166 - Flags: review-
I found a  problem.

The test program uses SSL_CipherPrefSetDefault to create the mode socket. If the listener only has an RSA cert, NSS disables the ECC cipher suites early on during handshake processing.
The ECC suites don't get re-enabled again after SNI processing.

If the program is modified to use SSL_CipherPrefSet instead, then things work as expected.
Bob, Wan-Teh,

We need a reviewer for the latest patch attached to this bug. Alexei is no longer with Oracle, and Nelson doesn't have the time. Would either of you be able to take care of it this week ?
If I modify this test program I attached and remove all Virtual Server and SNI part and have just ECC certificate set on listener and with cipher set as follows:

  secStatus = SSL_CipherPrefSetDefault(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, PR_TRUE);

Run this command
/export/home/meena/security/nss-sni-fix-3.12/Linux2.6_64_DBG.OBJ/bin/tstclnt -c :C00A -h hostname -d sql:. -o -p 3333 -2 -a www.abc.com < req.txt

My test program crashes as shown below

$./a.out 3333
Create Listener model socket, add SSL properties, add certificate.
About to call accept.
Reading data from socket...
Assertion failure: numPresent > 0 || numEnabled == 0, at ssl3con.c:711
Aborted

$gdb a.out core
...
(gdb) p numPresent
$1 = 0
(gdb) p numEnabled
$2 = 5
(gdb) where
#0  0x0000003beea30265 in raise () from /lib64/libc.so.6
#1  0x0000003beea31d10 in abort () from /lib64/libc.so.6
#2  0x00002b128a28fa9e in PR_Assert (s=0x2b128a897f80 "numPresent > 0 || numEnabled == 0",
    file=0x2b128a897f3e "ssl3con.c", ln=711) at ../../../../pr/src/io/prlog.c:577
#3  0x00002b128a861334 in ssl3_config_match_init (ss=0x97e4510) at ssl3con.c:711
#4  0x00002b128a875412 in ssl2_ConstructCipherSpecs (ss=0x97e4510) at sslcon.c:206
#5  0x00002b128a87d574 in ssl2_BeginServerHandshake (ss=0x97e4510) at sslcon.c:3800
#6  0x00002b128a883203 in ssl_Do1stHandshake (ss=0x97e4510) at sslsecur.c:151
#7  0x00002b128a8851cb in ssl_SecureRecv (ss=0x97e4510, buf=0x7fff4be7f500 "", len=1024, flags=0) at sslsecur.c:1150
#8  0x00002b128a885297 in ssl_SecureRead (ss=0x97e4510, buf=0x7fff4be7f500 "", len=1024) at sslsecur.c:1169
#9  0x00002b128a88d4c2 in ssl_Read (fd=0x97de2a0, buf=0x7fff4be7f500, len=1024) at sslsock.c:1639
#10 0x00002b128a28b8e2 in PR_Read (fd=0x97de2a0, buf=0x7fff4be7f500, amount=1024) at ../../../../pr/src/io/priometh.c:141
#11 0x0000000000401269 in readDataFromSocket (sslSocket=0x97de2a0) at my.cpp:126
#12 0x0000000000401317 in read_write (fd=0x97de2a0) at my.cpp:159
#13 0x0000000000401804 in main (argc=2, argv=0x7fff4be7fad8) at my.cpp:219
(gdb)
assert.cpp test program for crash as reported above. 
cat Makefile:
SECURITY_DIR=/bucket2/home/meena/security/old/64/
all:
	g++ -g -I$(SECURITY_DIR)/include -L$(SECURITY_DIR)/lib -lnspr4 -lnss3 -lssl3 my.cpp

    
    

    
  
When I replace      

SSL_CipherPrefSetDefault(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, PR_TRUE); 

by

SSL_CipherPrefSet(sock, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, PR_TRUE);

it fixes this crash.

So we are not having any crashes now.

    
    

    
  
Meena,

That's because your test program is calling SSL_CipherPrefSetDefault after it calls SSL_ImportFD. The default setting only applies to new sockets. If you move your SSL_CipherPrefSetDefault up, before SSL_ImportFD, then it works as expected - there is no assertion. I don't know if NSS should really asset for this case, as it's actually an application bug if no ciphers have been configured on the socket at all.

IMO, the ssl3con.c assertion should be changed. It should not assert that numEnabled is greater than 0 . Even without SNI involved, this is incorrect - it's still an application configuration error, not an NSS bug, so NSS should just return SSL_ERROR_NO_CIPHERS_SUPPORTED .

    
    

    
  
Julien, You're right that it's an application configuration error when no cipher
suites are enabled, and that we don't generally assert for application errors.
This is an exception to that general rule. There's a reason for this exception.

Before that assertion was put in, the most common complaint that the NSS team 
would receive in bug reports from the field was that "the server doesn't work".
They'd misconfigure it, and instead of the server failing in configuration, 
it would simply fail to complete any handshakes.  This was due, in part, to the 
server apps not doing sufficient sanity checking on their own configurations,
and even ignoring error codes returned by some calls.  something that the NSS 
team was unable to get applications to correct.

The "server doesn't work" reports were frequent, time consuming.  Now, the 
assertion failure is trivial to spot and understand, and will not be ignored.

    
  

        Attachment #567391 -
        Flags: review?(nelson) → review?(bsmith)

    
  
Blocks: 693274

    
    

    
  
Comment on attachment 567391 [details] [diff] [review]
Patch v1 - set up socket for the negotiated name before checking cache

Review of attachment 567391 [details] [diff] [review]:
-----------------------------------------------------------------

Dropping this old review request. I'm not as familiar with the server-side stuff as others are.

        Attachment #567391 -
        Flags: review?(brian)

    
  
Severity: normal → S3
Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → INACTIVE

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: