Hello all,
I posted this on the user forum last week, but no luck there. I thought this might
be a better forum to post.
I have been chasing this issue for a while now, but have not been able to
reproduce it myself.
I am using OpenSSL 0.9.8n.
We see that the HTTP (Apache) crashes (don't know the exact reason).
We have been able to get core files of the crashes and have the backtrace for
them.
Below are some of them.
It seems that the crash is always during EC_KEY_generate_key part of "Server
Key Exchange" message. It seems like there is something wrong with the EC_KEY
passed to EC_KEY_generate_key. I think EC_GROUP inside the EC_KEY structure has
some issues.
Has anybody seen this before?
Any help will be appreciated.
Thanks,
Manish
Program terminated with signal 11, Segmentation fault.
(gen-init)bt
#0 BN_usub (r=0x1015a890, a=0x1015a890, b=0x1015a1b8) at bn_add.c:199
#1 0x2ac06dec in ec_GFp_simple_dbl (group=0x1015a170, r=0x1015a220,
a=0x1015a220, ctx=0x10159f78) at ecp_smpl.c:1217
#2 0x2ac0a22c in ec_wNAF_mul (group=0x1015a170, r=0x1015a220, scalar=0x0,
num=0, points=0x7efff4c0, scalars=0x7efff4c4, ctx=0x10159f78)
at ec_mult.c:657
During symbol reading, unsupported const value attribute form: 'DW_FORM_strp'.
#3 0x2ac0440c in EC_POINT_mul (group=0x1015a170, r=0x1015a220, g_scalar=0x0,
point=0x8, p_scalar=0x0, ctx=0x10159f78) at ec_lib.c:1139
#4 0x2ac0e564 in EC_KEY_generate_key (eckey=0x10159f50) at ec_key.c:275
#5 0x2ab0f714 in ssl3_send_server_key_exchange (s=0x1013ad00) at s3_srvr.c:1422
#6 0x2ab12744 in ssl3_accept (s=0x1013ad00) at s3_srvr.c:394
#7 0x2ab1d040 in ssl23_get_client_hello (s=0x1013ad00) at s23_srvr.c:584
#8 0x2ab1dac0 in ssl23_accept (s=0x1013ad00) at s23_srvr.c:203
#9 0x004478a0 in ssl_io_filter_connect ()
#10 0x00448094 in ssl_io_filter_input ()
#11 0x004cc3d4 in ap_get_brigade ()
#12 0x004dd194 in net_time_filter ()
#13 0x004cc3d4 in ap_get_brigade ()
#14 0x004ceaa8 in ap_rgetline_core ()
#15 0x004cf4f4 in read_request_line ()
#16 0x004d0310 in ap_read_request ()
#17 0x00467784 in ap_process_http_connection ()
#18 0x004c7678 in ap_run_process_connection ()
#19 0x004c7d8c in ap_process_connection ()
#20 0x004a78cc in process_socket ()
#21 0x004a870c in worker_thread ()
#22 0x00554eb0 in dummy_worker ()
#23 0x2ace7030 in pthread_start_thread () from
/home/jbaniqued/symbols/FCS6.1.1.0_28288/ArubaOS_MMC_syms/lib/libpthread.so.0
#24 0x2b7f4ec4 in __thread_start () from
/home/jbaniqued/symbols/FCS6.1.1.0_28288/ArubaOS_MMC_syms/lib/libc.so.6
#25 0x2b7f4ec4 in __thread_start () from
/home/jbaniqued/symbols/FCS6.1.1.0_28288/ArubaOS_MMC_syms/lib/libc.so.6
Previous frame identical to this frame (corrupt stack?)
(gen-init)
Backtrace
#0 BN_copy (a=0x2bd170c0, b=0x2bc2d710) at bn_lib.c:495
#1 0x2ac02bac in EC_GROUP_get_order (group=0x0, order=0x2bd170c0, ctx=0x0)
at ec_lib.c:321
#2 0x2ac0e50c in EC_KEY_generate_key (eckey=0x2bd17008) at ec_key.c:258
#3 0x2ab0f714 in ssl3_send_server_key_exchange (s=0x2bc00af0)
at s3_srvr.c:1422
#4 0x2ab12744 in ssl3_accept (s=0x2bc00af0) at s3_srvr.c:394
#5 0x2ab1d040 in ssl23_get_client_hello (s=0x2bc00af0) at s23_srvr.c:584
#6 0x2ab1dac0 in ssl23_accept (s=0x2bc00af0) at s23_srvr.c:203
#7 0x004478a0 in ssl_io_filter_connect ()
#8 0x00448094 in ssl_io_filter_input ()
#9 0x004cc3d4 in ap_get_brigade ()
#10 0x004dd194 in net_time_filter ()
#11 0x004cc3d4 in ap_get_brigade ()
#12 0x004ceaa8 in ap_rgetline_core ()
#13 0x004cf4f4 in read_request_line ()
#14 0x004d0310 in ap_read_request ()
#15 0x00467784 in ap_process_http_connection ()
#16 0x004c7678 in ap_run_process_connection ()
#17 0x004c7d8c in ap_process_connection ()
#18 0x004a78cc in process_socket ()
#19 0x004a870c in worker_thread ()
#20 0x00554eb0 in dummy_worker ()
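
A triage helper for backtraces like the two above, as an added example that is not part of the original post: it parses gdb `bt` output, finds the innermost function shared by every crash, and lists NULL or near-NULL pointer arguments in symbolized frames. The function names and the 0x1000 threshold are assumptions of this example; the sample frames are abridged from the post.

```python
import re

# Frames abridged from the two backtraces in the post above, gdb line wrapping kept.
SAMPLE = """\
#0 BN_usub (r=0x1015a890, a=0x1015a890, b=0x1015a1b8) at bn_add.c:199
#2 0x2ac0a22c in ec_wNAF_mul (group=0x1015a170, r=0x1015a220, scalar=0x0,
num=0, points=0x7efff4c0, scalars=0x7efff4c4, ctx=0x10159f78)
at ec_mult.c:657
#3 0x2ac0440c in EC_POINT_mul (group=0x1015a170, r=0x1015a220, g_scalar=0x0,
point=0x8, p_scalar=0x0, ctx=0x10159f78) at ec_lib.c:1139
#4 0x2ac0e564 in EC_KEY_generate_key (eckey=0x10159f50) at ec_key.c:275
#5 0x2ab0f714 in ssl3_send_server_key_exchange (s=0x1013ad00) at s3_srvr.c:1422
#9 0x004478a0 in ssl_io_filter_connect ()
#0 BN_copy (a=0x2bd170c0, b=0x2bc2d710) at bn_lib.c:495
#1 0x2ac02bac in EC_GROUP_get_order (group=0x0, order=0x2bd170c0, ctx=0x0)
at ec_lib.c:321
#2 0x2ac0e50c in EC_KEY_generate_key (eckey=0x2bd17008) at ec_key.c:258
#3 0x2ab0f714 in ssl3_send_server_key_exchange (s=0x2bc00af0)
at s3_srvr.c:1422
#7 0x004478a0 in ssl_io_filter_connect ()
"""

FRAME = re.compile(r"#(\d+) (?:0x[0-9a-f]+ in )?(\w+) \((.*?)\)(?: at (\S+:\d+))?")

def parse_backtraces(text):
    """Return one list of frames per backtrace; a '#0' frame starts a new one."""
    traces = []
    # gdb wraps long frames, so flatten whitespace before matching
    for num, func, args, loc in FRAME.findall(" ".join(text.split())):
        if num == "0" or not traces:
            traces.append([])
        argmap = dict(a.split("=", 1) for a in args.split(", ") if "=" in a)
        traces[-1].append({"func": func, "args": argmap, "loc": loc or None})
    return traces

def innermost_common_function(traces):
    """Deepest function (closest to the fault) that appears in every trace."""
    shared = set.intersection(*({f["func"] for f in t} for t in traces))
    return next((f["func"] for f in traces[0] if f["func"] in shared), None)

def low_pointer_args(trace, limit=0x1000):
    """Hex-valued arguments below `limit` (NULL or near-NULL) in symbolized frames."""
    return [(f["func"], name, val) for f in trace if f["loc"]
            for name, val in f["args"].items()
            if val.startswith("0x") and int(val, 16) < limit]

if __name__ == "__main__":
    traces = parse_backtraces(SAMPLE)
    print("shared innermost function:", innermost_common_function(traces))
    print([low_pointer_args(t) for t in traces])
```

gdb can misreport arguments in optimized builds, so the flagged values are leads to check against the core file, not conclusions.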