On Tue, Jun 22, 2010, Brian Makin wrote:

> On Tue, 2010-06-22 at 19:00 +0200, Dr. Stephen Henson wrote:
> > On Tue, Jun 22, 2010, Brian Makin wrote:
> > 
> > > Using curl 7.16.1 and 7.20.0
> > > with openssl 0.9.8l and 0.9.8o
> > > I am getting intermittent crashes.  Apache is set up with a pkcs12 cert
> > > and when this fails it is always early in the process, i.e. initialization
> > > of the threads.  I'm guessing either curl or ssl has a missing lock but
> > > I'm not sure which and where.  Any assistance is greatly appreciated.
> > >  
> > > The callstack usually looks something like the following or ends up in
> > > the CRYPTO_malloc functions.
> > > 
> > 
> > See if adding sk_sort(pbe_algs) at the end of EVP_PBE_alg_add() in
> > crypto/evp/evp_pbe.c fixes this.
> > 
> 
> still crashes... although now it sometimes crashes in sk_sort :)
> Looks like it is generally one of these two stacks.
> 
> #6  0x00007f3df3695780 in CRYPTO_realloc () 
> #7  0x00007f3df36ee507 in sk_insert () 
> #8  0x00007f3df36fbf19 in EVP_PBE_alg_add () 
> #9  0x00007f3df373713e in PKCS12_PBE_add () 
> #10 0x00007f3df3d42b72 in cert_stuff (conn=0xdba9e0, sockindex=<value
> optimized out>) at ssluse.c:377
> 
> #0  0x00007fc6fe101e78 in pbe_cmp () 
> #1  0x00007fc6fe3efb15 in msort_with_tmp (p=<value optimized out>,
> b=<value optimized out>, n=<value optimized out>) at msort.c:83
> ...
> #7  0x00007fc6fe3f009c in *__GI_qsort_r (b=<value optimized out>,
> n=<value optimized out>, s=8, cmp=0x7fc6fe101e70 <pbe_cmp>, arg=0x0) at
> msort.c:294
> #8  0x00007fc6fe0f4317 in sk_sort () 
> #9  0x00007fc6fe101f25 in EVP_PBE_alg_add () 
> #10 0x00007fc6fe13d13e in PKCS12_PBE_add () 
> #11 0x00007fc6fe748b72 in cert_stuff (conn=0x7fc6d8005930,
> sockindex=<value optimized out>) at ssluse.c:377
> 
> 

Can you check to see if PKCS12_PBE_add() is called multiple times using the
debugger? It is only supposed to be called once before threads are started but
a bug means if it is called more than once you get multiple table entries per
PBE algorithm (instead of no-op or replacing) and the subsequent sort
operations can result in a race condition. I'll look into fixing that.

OpenSSL 1.0.0 doesn't have this problem because the builtin PBE algorithms are
in a static table.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
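
The duplicate-entry behaviour described in the reply above, as an added C model that is not part of the original thread and is not OpenSSL code. The table layout, the function names and the algorithm ids are all hypothetical and constructed for illustration.

```c
/* Added model, not OpenSSL source. All names and ids here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int pbe_nid; int cipher_nid; } pbe_entry;

static pbe_entry *table;      /* process-wide table shared by every caller */
static size_t table_len;

static int entry_cmp(const void *a, const void *b) {
    const pbe_entry *x = a, *y = b;
    return (x->pbe_nid > y->pbe_nid) - (x->pbe_nid < y->pbe_nid);
}

/* Append-only shape: every call reallocates and re-sorts the shared table,
 * so repeated init calls both duplicate entries and keep writing to it. */
static int table_add_append(int pbe_nid, int cipher_nid) {
    pbe_entry *t = realloc(table, (table_len + 1) * sizeof *t);
    if (t == NULL) return 0;
    table = t;
    table[table_len++] = (pbe_entry){ pbe_nid, cipher_nid };
    qsort(table, table_len, sizeof *table, entry_cmp);
    return 1;
}

/* Idempotent shape: a repeat registration finds the entry and writes nothing. */
static int table_add_once(int pbe_nid, int cipher_nid) {
    for (size_t i = 0; i < table_len; i++)
        if (table[i].pbe_nid == pbe_nid) return 1;
    return table_add_append(pbe_nid, cipher_nid);
}

/* Constructed ids standing in for a built-in algorithm set. */
static const int builtin[3][2] = { {30, 1}, {10, 2}, {20, 3} };

/* Simulates `calls` invocations of an init routine, e.g. one per connection. */
static size_t run_init(int (*add)(int, int), int calls) {
    free(table); table = NULL; table_len = 0;
    for (int c = 0; c < calls; c++)
        for (size_t i = 0; i < 3; i++)
            if (!add(builtin[i][0], builtin[i][1])) return 0;
    return table_len;
}

static size_t count_nid(int pbe_nid) {
    size_t n = 0;
    for (size_t i = 0; i < table_len; i++) n += (table[i].pbe_nid == pbe_nid);
    return n;
}

int main(void) {
    printf("append-only, 4 init calls: %zu entries\n", run_init(table_add_append, 4));
    printf("idempotent,  4 init calls: %zu entries\n", run_init(table_add_once, 4));
    return 0;
}
```

The idempotent form still has to complete its first registration before any thread is started, since that first call does write the table.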
