[openssl.org #2305] openSSL initialization segmentation fault

2010-07-13 Thread Miroslav Zacek via RT
I think there is a bug in the openSSL initialization. In (K)ubuntu my Apache was crashing when I accessed any SSL page (even static html) with segmentation fault (11) when the php5-curl module was enabled (just enabled, not used). I've found this bug reported here: https://bugs.launchpad.net

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-14 Thread Stephen Henson via RT
> [miroslav.za...@skype.net - Tue Jul 13 10:42:32 2010]:
>
> I think there is a bug in the openSSL initialization.
>
> In (K)ubuntu my Apache was crashing when I accessed any SSL page (even
> static html) with
> segmentation fault (11) when the php5-curl module was enabled (just
> enabled, not us

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-15 Thread Stephen Henson via RT
> [miroslav.za...@skype.net - Thu Jul 15 16:32:31 2010]:
>
> Here are the debugging symbols.
>

OK, the interesting bit is here:

#0 0x7215ec60 in sha1_md () from /lib/libcrypto.so.0.9.8
#1 0x71eac309 in engine_unlocked_init (e=0x7863f550) at eng_init.c:67

Can you print out t

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-16 Thread Stephen Henson via RT
> [miroslav.za...@skype.net - Fri Jul 16 10:42:58 2010]:
>
> I've recompiled the library with -O0 -g
>
> Here is the new backtrace (the *e is at the very end of the file)
>

OK, that ENGINE structure looks like total garbage. It is possible the Apache load/unload cycle (and possibly something in

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-16 Thread Stephen Henson via RT
> [miroslav.za...@skype.net - Fri Jul 16 16:50:47 2010]:
>
> One more backtrace when the breakpoints were set to both
> ENGINE_load_builtin_engines and ENGINE_cleanup
>
> The apache mod-ssl tries to ENGINE_cleanup after the first
> ENGINE_load_builtin_engines call. So it looks as if the cleanup w

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-18 Thread Stephen Henson via RT
> [miroslav.za...@skype.net - Sat Jul 17 02:17:51 2010]:
>
> The cipher_table was always null when I accessed it and method
> ENGINE_unregister_ciphers was not called at all (even though
> breakpoint was set).
>
> Here is the backtrace.
>

Well that makes no sense at all, if cipher_table is NULL

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread Stephen Henson via RT
> [miroslav.za...@skype.net - Mon Jul 19 11:07:34 2010]: > > Here is the backtrace. The table was not empty, this is the content: > > (gdb) print **table > $3 = {piles = {b = 0x7861ea70, comp = 0x71e7d602 >, hash = 0x71e7d5e0 >, num_nodes = 8, num_alloc_nodes = 16, >p = 0,

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread Stephen Henson via RT
> [miroslav.za...@skype.net - Mon Jul 19 17:39:04 2010]:
>
> I set the breakpoints to the following functions:
>
> ENGINE_register_ciphers
> ENGINE_unregister_ciphers (never called!!!)
> ENGINE_cleanup
>
> 1) Breakpoint ENGINE_register_ciphers (e=0x78390760) from mod_ssl
> e = {id = 0x71

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread Stephen Henson via RT
> [steve - Mon Jul 19 18:24:36 2010]:
>
> OK, for some reason mod_ssl is loading the dummy aesni ("no-aesni")
> while curl is loading the functional aesni.
>

OK maybe the engage variable isn't set up correctly.

Can you break in aesni_bind_helper() and see what "engage" gets set to? Also break

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread Stephen Henson via RT
> [steve - Mon Jul 19 21:26:53 2010]:
>
> > [steve - Mon Jul 19 18:24:36 2010]:
> >
> > OK, for some reason mod_ssl is loading the dummy aesni ("no-aesni")
> > while curl is loading the functional aesni.
> >
> > OK maybe the engage variable isn't set up correctly.
> > Can you break in aesni_bi

[openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread Stephen Henson via RT
OK forget all my other ramblings I'm pretty sure I know the cause now. The change suggested in PR#2045 has problems if the ENGINE_add() call fails: it ends up adding a reference to a freed up ENGINE which is likely to subsequently contain garbage and generally spoil your whole day. This will happ

[openssl.org #2305] openSSL initialization segmentation fault

2014-08-27 Thread Rich Salz via RT
Fixed in openssl, and suggested change to user's code. -- Rich Salz, OpenSSL dev team; rs...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List open

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-15 Thread Miroslav Zacek via RT
Here are the debugging symbols (sorry for the previous mail) GNU gdb (GDB) 7.1-ubuntu Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRA

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-15 Thread Miroslav Zacek via RT
Here are the debugging symbols.

linux.desktop Description: Binary data

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-16 Thread Miroslav Zacek via RT
I've recompiled the library with -O0 -g Here is the new backtrace (the *e is at the very end of the file) GNU gdb (GDB) 7.1-ubuntu Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free t

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-16 Thread Miroslav Zacek via RT
Method ENGINE_load_builtin_engines was called 3 times, twice from the mod_ssl, once from the php5-curl module. Here is the backtrace again. GNU gdb (GDB) 7.1-ubuntu Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later Th

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-16 Thread Miroslav Zacek via RT
> Method ENGINE_load_builtin_engines was called 3 times, twice from the
> mod_ssl, once from the php5-curl module.

When I skipped the second mod_ssl initialisation the program didn't segfault.

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-16 Thread Miroslav Zacek via RT
One more backtrace when the breakpoints were set to both ENGINE_load_builtin_engines and ENGINE_cleanup The apache mod-ssl tries to ENGINE_cleanup after the first ENGINE_load_builtin_engines call. So it looks as if the cleanup wasn't successful. GNU gdb (GDB) 7.1-ubuntu Copyright (C) 2010 Free

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-16 Thread Miroslav Zacek via RT
The cipher_table was always null when I accessed it and method ENGINE_unregister_ciphers was not called at all (even though breakpoint was set). Here is the backtrace. GNU gdb (GDB) 7.1-ubuntu Copyright (C) 2010 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread Miroslav Zacek via RT
Here is the backtrace. The table was not empty, this is the content: (gdb) print **table $3 = {piles = {b = 0x7861ea70, comp = 0x71e7d602 , hash = 0x71e7d5e0 , num_nodes = 8, num_alloc_nodes = 16, p = 0, pmax = 8, up_load = 512, down_load = 256, num_items = 12, num_expands = 0, num

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread David Woodhouse
On Mon, 2010-07-19 at 14:25 +0200, Stephen Henson via RT wrote: > > [miroslav.za...@skype.net - Mon Jul 19 11:07:34 2010]: > > > > Here is the backtrace. The table was not empty, this is the content: > > > > (gdb) print **table > > $3 = {piles = {b = 0x7861ea70, comp = 0x71e7d602 > >,

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread Miroslav Zacek via RT
I set the breakpoints to the following functions:

ENGINE_register_ciphers
ENGINE_unregister_ciphers (never called!!!)
ENGINE_cleanup

1) Breakpoint ENGINE_register_ciphers (e=0x78390760) from mod_ssl
e = {id = 0x71f15100 "aesni", name = 0x71f15130 "Intel AES-NI engine (no-aesni)", rsa

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread Dr. Stephen Henson
On Mon, Jul 19, 2010, David Woodhouse wrote: > On Mon, 2010-07-19 at 14:25 +0200, Stephen Henson via RT wrote: > > > [miroslav.za...@skype.net - Mon Jul 19 11:07:34 2010]: > > > > > > Here is the backtrace. The table was not empty, this is the content: > > > > > > (gdb) print **table > > > $3 =

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-19 Thread David Woodhouse
On Mon, 2010-07-19 at 18:26 +0200, Dr. Stephen Henson wrote:
> It should work without that if the application explicitly sets the crypto
> ENGINE to use for example with the SSLCryptoDevice directive in mod_ssl or via
> autoconf.

It should, but obviously that's not a viable solution in the genera

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-20 Thread David Woodhouse
On Tue, 2010-07-20 at 00:59 +0200, Stephen Henson via RT wrote:
> OK forget all my other ramblings I'm pretty sure I know the cause now.
>
> The change suggested in PR#2045 has problems if the ENGINE_add() call
> fails: it ends up adding a reference to a freed up ENGINE which is
> likely to subseq

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-20 Thread Dr. Stephen Henson
On Mon, Jul 19, 2010, David Woodhouse wrote:
> On Mon, 2010-07-19 at 18:26 +0200, Dr. Stephen Henson wrote:
> > It should work without that if the application explicitly sets the crypto
> > ENGINE to use for example with the SSLCryptoDevice directive in mod_ssl or
> > via
> > autoconf.
>
> It s

Re: [openssl.org #2305] openSSL initialization segmentation fault

2010-07-20 Thread David Woodhouse
On Wed, 2010-07-21 at 00:46 +0200, Dr. Stephen Henson wrote:
> This issue could crop up for other ENGINEs in future. Adding a call to
> ENGINE_register_all_complete() at the end of ENGINE_load_builtin_engines()
> should resolve #2045 and any future cases. Can you confirm that please?

Yes, that wor