> [[email protected] - Mon Jul 19 17:39:04 2010]:
>
> I set the breakpoints to the following functions:
>
> ENGINE_register_ciphers
> ENGINE_unregister_ciphers (never called!!!)
> ENGINE_cleanup
>
> 1) Breakpoint ENGINE_register_ciphers (e=0x7ffff8390760) from mod_ssl
> e = {id = 0x7ffff1f15100 "aesni", name = 0x7ffff1f15130 "Intel AES-NI
> engine (no-aesni)", rsa_meth = 0x0, dsa_meth = 0x0, dh_meth = 0x0,
> ecdh_meth = 0x0, ecdsa_meth = 0x0, rand_meth = 0x0, store_meth =
> 0x0, ciphers = 0, digests = 0, destroy = 0, init = 0x7ffff1e810fb
> <aesni_init>, finish = 0, ctrl = 0, load_privkey = 0, load_pubkey =
> 0, load_ssl_client_cert = 0, cmd_defns = 0x0, flags = 0, struct_ref
> = 2, funct_ref = 0, ex_data = {sk = 0x0, dummy = 0}, prev = 0x0,
> next = 0x0}
>
> e->ciphers was 0 => just return 1
> cipher_table = (ENGINE_TABLE *) 0x0
>
> 2) Breakpoint ENGINE_cleanup () from mod_ssl
>
> 3) Breakpoint ENGINE_register_ciphers (e=0x7ffff8444710) from mod_ssl
> e = {id = 0x7ffff1f15100 "aesni", name = 0x7ffff1f15130 "Intel AES-NI
> engine (no-aesni)", rsa_meth = 0x0, dsa_meth = 0x0, dh_meth = 0x0,
> ecdh_meth = 0x0, ecdsa_meth = 0x0, rand_meth = 0x0, store_meth =
> 0x0, ciphers = 0, digests = 0, destroy = 0, init = 0x7ffff1e810fb
> <aesni_init>, finish = 0, ctrl = 0, load_privkey = 0, load_pubkey =
> 0, load_ssl_client_cert = 0, cmd_defns = 0x0, flags = 0, struct_ref
> = 2, funct_ref = 0, ex_data = {sk = 0x0, dummy = 0}, prev = 0x0,
> next = 0x0}
>
> e->ciphers was 0 => just return 1
> cipher_table = (ENGINE_TABLE *) 0x0
>
> 4) Breakpoint ENGINE_register_ciphers (e=0x7ffff8641180) from libcurl
>
> e = {id = 0x7ffff1f15100 "aesni", name = 0x7ffff1f15110 "Intel AES-NI
> engine", rsa_meth = 0x0, dsa_meth = 0x0, dh_meth = 0x0, ecdh_meth =
> 0x0, ecdsa_meth = 0x0, rand_meth = 0x0, store_meth = 0x0, ciphers =
> 0x7ffff1e8137d <aesni_ciphers>, digests = 0, destroy = 0, init =
> 0x7ffff1e810fb <aesni_init>, finish = 0, ctrl = 0, load_privkey =
> 0, load_pubkey = 0, load_ssl_client_cert = 0, cmd_defns = 0x0,
> flags = 0, struct_ref = 1, funct_ref = 0, ex_data = {sk = 0x0,
> dummy = 0}, prev = 0x0, next = 0x0}
> cipher_table = (ENGINE_TABLE *) 0x0
>
> *e->ciphers = {int (ENGINE *, const EVP_CIPHER **, const int **, int)}
> 0x7ffff1e8137d <aesni_ciphers>
> => called
> int num_nids = e->ciphers(e, NULL, &nids, 0);
> num_nids = 12
> => called
> return engine_table_register(&cipher_table, ....
>
> *cipher_table = {piles = {b = 0x7ffff861ea90, comp = 0x7ffff1e7d602
> <engine_pile_cmp_LHASH_COMP>, hash = 0x7ffff1e7d5e0
> <engine_pile_hash_LHASH_HASH>, num_nodes = 8, num_alloc_nodes = 16,
> p = 0, pmax = 8, up_load = 512, down_load = 256, num_items = 12,
> num_expands = 0, num_expand_reallocs = 0, num_contracts = 0,
> num_contract_reallocs = 0, num_hash_calls = 24, num_comp_calls = 0,
> num_insert = 12, num_replace = 0, num_delete = 0, num_no_delete =
> 0, num_retrieve = 0, num_retrieve_miss = 12, num_hash_comps = 8,
> error = 0}}
>
>
> Then it waited for a request and segfaulted when it arrived:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff214ea60 in sha1_md () from /lib/libcrypto.so.0.9.8
> (gdb) backtrace
> #0 0x00007ffff214ea60 in sha1_md () from /lib/libcrypto.so.0.9.8
> #1 0x00007ffff1e7c7cf in engine_unlocked_init (e=0x7ffff8641180) at
> eng_init.c:67
> #2 0x00007ffff1e7dc34 in engine_table_select (table=0x7ffff216c860,
> nid=427) at eng_table.c:274
> #3 0x00007ffff1e7f095 in ENGINE_get_cipher_engine (nid=427) at
> tb_cipher.c:115
>
> *e = {id = 0x2 <Address 0x2 out of bounds>, name = 0x7ffff1eff31c
> "des-cbc", rsa_meth = 0x7ffff214e2c0, dsa_meth = 0x31, dh_meth =
> 0x7fff00000090, ecdh_meth = 0x7ffff2149d20, ecdsa_meth =
> 0x7ffff214ea60, rand_meth = 0x7ffff1eec806, store_meth = 0x0,
> ciphers = 0x31, digests = 0x7fff00000091, destroy = 0x7ffff2149d80
> <r4_40_cipher>, init = 0x7ffff214ea60 <sha1_md>, finish =
> 0x7ffff1eec806 <PKCS12_PBE_keyivgen>, ctrl = 0x7ffff1e80278
> <dynamic_ctrl>, load_privkey = 0x31, load_pubkey = 0x7fff00000092,
> load_ssl_client_cert = 0x7ffff2149ae0 <des_ede3_cbc>, cmd_defns =
> 0x7ffff214ea60, flags = -236009466, struct_ref = 32767, funct_ref =
> 0, ex_data = {sk = 0x21, dummy = -146014162}, prev =
> 0x7ffff74c7ea8, next = 0x20}
>
> *cipher_table = {piles = {b = 0x7ffff861ea90, comp = 0x7ffff1e7d602
> <engine_pile_cmp_LHASH_COMP>, hash = 0x7ffff1e7d5e0
> <engine_pile_hash_LHASH_HASH>, num_nodes = 8, num_alloc_nodes = 16,
> p = 0, pmax = 8, up_load = 512, down_load = 256, num_items = 12,
> num_expands = 0, num_expand_reallocs = 0, num_contracts = 0,
> num_contract_reallocs = 0, num_hash_calls = 25, num_comp_calls = 1,
> num_insert = 12, num_replace = 0, num_delete = 0, num_no_delete =
> 0, num_retrieve = 1, num_retrieve_miss = 12, num_hash_comps = 10,
> error = 0}}
>
> Full backtrace included.
>

OK, for some reason mod_ssl is loading the dummy aesni ("no-aesni")
while curl is loading the functional aesni.

Try removing the additional call to ENGINE_register_complete() in
ENGINE_load_aesni(): that should stop ciphers being registered at that
point and it should now work.

Then set an explicit crypto ENGINE in the mod_ssl configuration using
the SSLCryptoDevice directive with "aesni". If that then works I'd
suggest setting some breakpoints in the aesni ENGINE to see if it is
being used.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org