
crypto/x509: possible crash on macOS 10.13 (in SecTrustEvaluateWithError) #52112

@tmm1

Description

What version of Go are you using (go version)?

$ go version
go version go1.18 darwin/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

Tested on macOS 10.11 (which I know is not supported).

I believe it will also trigger on macOS 10.13, but it would be helpful if someone could confirm one way or the other.

What did you do?

Make an HTTPS request.

What did you see instead?

SIGTRAP: trace trap
PC=0x7fff6590d075 m=12 sigcode=1

goroutine 0 [idle]:
crypto/x509/internal/macos.syscall(0x0?, 0x0?, 0xc000883360?, 0x4202738?, 0x45f5e40a9d?, 0x67acb40?, 0x0?)
	runtime/sys_darwin.go:99 +0x58 fp=0xc0008832f0 sp=0xc000883290 pc=0x4066038
crypto/x509/internal/macos.SecTrustEvaluateWithError(0xc000942140?)
	crypto/x509/internal/macos/security.go:195 +0x48 fp=0xc000883370 sp=0xc0008832f0 pc=0x4202808
crypto/x509.(*Certificate).systemVerify(0xc0000b0580, 0xc000883718)
	crypto/x509/root_darwin.go:52 +0x2de fp=0xc0008835c8 sp=0xc000883370 pc=0x420c09e
crypto/x509.(*Certificate).Verify(0xc0000b0580, {{0xc000942140, 0x19}, 0xc000abce70, 0x0, {0xc089fbd45c8a4e10, 0x45f5e40a9d, 0x67acb40}, {0x0, 0x0, ...}, ...})
	crypto/x509/verify.go:747 +0x4c7 fp=0xc000883718 sp=0xc0008835c8 pc=0x4210be7
crypto/tls.(*Conn).verifyServerCertificate(0xc000628a80, {0xc000abc8d0, 0x2, 0x2})
	crypto/tls/handshake_client.go:868 +0x658 fp=0xc0008839a0 sp=0xc000883718 pc=0x4234ed8
crypto/tls.(*clientHandshakeStateTLS13).readServerCertificate(0xc000883d98)
	crypto/tls/handshake_client_tls13.go:457 +0x2d1 fp=0xc000883bb0 sp=0xc0008839a0 pc=0x4237751
crypto/tls.(*clientHandshakeStateTLS13).handshake(0xc000883d98)
	crypto/tls/handshake_client_tls13.go:87 +0x1d9 fp=0xc000883be8 sp=0xc000883bb0 pc=0x4235899
crypto/tls.(*Conn).clientHandshake(0xc000628a80, {0x5665c68, 0xc00050cb00})
	crypto/tls/handshake_client.go:219 +0x578 fp=0xc000883e78 sp=0xc000883be8 pc=0x4230878
crypto/tls.(*Conn).clientHandshake-fm({0x5665c68?, 0xc00050cb00?})
	<autogenerated>:1 +0x39 fp=0xc000883ea0 sp=0xc000883e78 pc=0x4261859
crypto/tls.(*Conn).handshakeContext(0xc000628a80, {0x5665ca0, 0xc0001b2010})
	crypto/tls/conn.go:1452 +0x3d1 fp=0xc000883f70 sp=0xc000883ea0 pc=0x422e831
crypto/tls.(*Conn).HandshakeContext(...)
	crypto/tls/conn.go:1402
net/http.(*persistConn).addTLS.func2()
	net/http/transport.go:1537 +0x71 fp=0xc000883fe0 sp=0xc000883f70 pc=0x430e1b1
runtime.goexit()
	runtime/asm_amd64.s:1571 +0x1 fp=0xc000883fe8 sp=0xc000883fe0 pc=0x4069401
created by net/http.(*persistConn).addTLS
	net/http/transport.go:1533 +0x345

goroutine 31 [syscall]:
crypto/x509/internal/macos.syscall(0x0?, 0x0?, 0xc000883360?, 0x4202738?, 0x45f5e40a9d?, 0x67acb40?, 0x0?)
	runtime/sys_darwin.go:99 +0x58 fp=0xc0008832f0 sp=0xc000883290 pc=0x4066038
crypto/x509/internal/macos.SecTrustEvaluateWithError(0xc000942140?)
	crypto/x509/internal/macos/security.go:195 +0x48 fp=0xc000883370 sp=0xc0008832f0 pc=0x4202808
crypto/x509.(*Certificate).systemVerify(0xc0000b0580, 0xc000883718)
	crypto/x509/root_darwin.go:52 +0x2de fp=0xc0008835c8 sp=0xc000883370 pc=0x420c09e
crypto/x509.(*Certificate).Verify(0xc0000b0580, {{0xc000942140, 0x19}, 0xc000abce70, 0x0, {0xc089fbd45c8a4e10, 0x45f5e40a9d, 0x67acb40}, {0x0, 0x0, ...}, ...})
	crypto/x509/verify.go:747 +0x4c7 fp=0xc000883718 sp=0xc0008835c8 pc=0x4210be7
crypto/tls.(*Conn).verifyServerCertificate(0xc000628a80, {0xc000abc8d0, 0x2, 0x2})
	crypto/tls/handshake_client.go:868 +0x658 fp=0xc0008839a0 sp=0xc000883718 pc=0x4234ed8
crypto/tls.(*clientHandshakeStateTLS13).readServerCertificate(0xc000883d98)
	crypto/tls/handshake_client_tls13.go:457 +0x2d1 fp=0xc000883bb0 sp=0xc0008839a0 pc=0x4237751
crypto/tls.(*clientHandshakeStateTLS13).handshake(0xc000883d98)
	crypto/tls/handshake_client_tls13.go:87 +0x1d9 fp=0xc000883be8 sp=0xc000883bb0 pc=0x4235899
crypto/tls.(*Conn).clientHandshake(0xc000628a80, {0x5665c68, 0xc00050cb00})
	crypto/tls/handshake_client.go:219 +0x578 fp=0xc000883e78 sp=0xc000883be8 pc=0x4230878
crypto/tls.(*Conn).clientHandshake-fm({0x5665c68?, 0xc00050cb00?})
	<autogenerated>:1 +0x39 fp=0xc000883ea0 sp=0xc000883e78 pc=0x4261859
crypto/tls.(*Conn).handshakeContext(0xc000628a80, {0x5665ca0, 0xc0001b2010})
	crypto/tls/conn.go:1452 +0x3d1 fp=0xc000883f70 sp=0xc000883ea0 pc=0x422e831
crypto/tls.(*Conn).HandshakeContext(...)
	crypto/tls/conn.go:1402
net/http.(*persistConn).addTLS.func2()
	net/http/transport.go:1537 +0x71 fp=0xc000883fe0 sp=0xc000883f70 pc=0x430e1b1
runtime.goexit()
	runtime/asm_amd64.s:1571 +0x1 fp=0xc000883fe8 sp=0xc000883fe0 pc=0x4069401
created by net/http.(*persistConn).addTLS
	net/http/transport.go:1533 +0x345

This seems to be related to CL353132 (feb024f, #46287), which added calls to SecTrustEvaluateWithError.

According to https://developer.apple.com/documentation/security/2980705-sectrustevaluatewitherror, SecTrustEvaluateWithError is only available in macOS 10.14+.

cc #23011
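As an added example (not code from the issue or from the Go project), the following Go program parses a traceback in the runtime's own layout and flags the crash class reported above: a SIGTRAP whose innermost frames are the crypto/x509/internal/macos syscall trampoline called from a Security.framework binding. It returns the binding's name so a triager can compare its minimum macOS version with the host that produced the dump; the embedded sample is a constructed, shortened copy of the trace quoted in the issue.

```go
package main

import "strings"

// Frame is one traceback entry: function name and "file:line" location.
type Frame struct{ Func, File string }

// parseTraceback relies on the runtime's layout: an unindented "pkg.Func(args)" line
// followed by a tab-indented "path/file.go:NN +0x.." line; signal header,
// "goroutine N [...]:" and "created by" lines carry no frame and are skipped.
func parseTraceback(dump string) []Frame {
	lines := strings.Split(dump, "\n")
	var frames []Frame
	for i := 0; i+1 < len(lines); i++ {
		cur, next := lines[i], lines[i+1]
		if cur == "" || strings.HasPrefix(cur, "\t") || strings.HasPrefix(cur, "goroutine ") ||
			strings.HasPrefix(cur, "created by") || !strings.HasPrefix(next, "\t") {
			continue
		}
		// Argument lists never contain '(', so cutting at the last '(' keeps
		// receiver types such as "(*Certificate)" in the function name.
		fn := cur
		if p := strings.LastIndex(fn, "("); p >= 0 {
			fn = fn[:p]
		}
		loc, _, _ := strings.Cut(strings.TrimSpace(next), " ")
		frames = append(frames, Frame{Func: fn, File: loc})
	}
	return frames
}

// diagnose matches the crash class in this issue: a SIGTRAP whose innermost frames are
// crypto/x509/internal/macos.syscall called from a Security.framework binding. It returns
// the binding's name so its minimum macOS version can be checked against the host.
func diagnose(dump string) (api string, matched bool) {
	if !strings.HasPrefix(strings.TrimSpace(dump), "SIGTRAP") {
		return "", false
	}
	const pkg = "crypto/x509/internal/macos."
	frames := parseTraceback(dump)
	for i := 0; i+1 < len(frames); i++ {
		if frames[i].Func == pkg+"syscall" && strings.HasPrefix(frames[i+1].Func, pkg) {
			return strings.TrimPrefix(frames[i+1].Func, pkg), true
		}
	}
	return "", false
}

// sampleDump is a constructed, shortened copy of the traceback quoted in the issue.
var sampleDump = "SIGTRAP: trace trap\nPC=0x7fff6590d075 m=12 sigcode=1\n\n" +
	"goroutine 31 [syscall]:\n" +
	"crypto/x509/internal/macos.syscall(0x0?, 0x0?)\n\truntime/sys_darwin.go:99 +0x58\n" +
	"crypto/x509/internal/macos.SecTrustEvaluateWithError(0xc000942140?)\n" +
	"\tcrypto/x509/internal/macos/security.go:195 +0x48\n" +
	"crypto/x509.(*Certificate).Verify(0xc0000b0580, {{0xc000942140, 0x19}, ...})\n" +
	"\tcrypto/x509/verify.go:747 +0x4c7\ncreated by net/http.(*persistConn).addTLS\n\tnet/http/transport.go:1533 +0x345\n"
```

Calling diagnose(sampleDump) yields "SecTrustEvaluateWithError", which the linked Apple documentation lists as 10.14+, so a dump from an older host points at the unavailable symbol rather than at the certificate being verified.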

Labels: FrozenDueToAge, WaitingForInfo (issue is not actionable because of missing required information, which needs to be provided)
