https://bz.apache.org/bugzilla/show_bug.cgi?id=63136

            Bug ID: 63136
           Summary: After r1781187 httpd is seg faulting in FIPS mode
           Product: Apache httpd-2
           Version: 2.4.26
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: regression
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: luhli...@redhat.com
  Target Milestone: ---

Hi all,

After this commit, http://svn.apache.org/viewvc?view=revision&revision=1781187,
httpd is crashing with SEG_FAULT.

In the following code:

ctx = SSL_CTX_new(method);
mctx->ssl_ctx = ctx;
SSL_CTX_set_options(ctx, SSL_OP_ALL);

ctx is set to NULL by the SSL_CTX_new function (method is set to
TLS_server_method() in this case), and therefore SSL_CTX_set_options causes
a segfault.

I also traced OpenSSL's SSL_CTX_new call:

2938            || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
(gdb)
2943        ret->param = X509_VERIFY_PARAM_new();
(gdb) p ret
$9 = (SSL_CTX *) 0x5555558cdc10
(gdb) n
2944        if (ret->param == NULL)
(gdb)
2947        if (!FIPS_mode()) {
(gdb)
2948            if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
(gdb)
2949                SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
(gdb)
2950                goto err2;
(gdb)
3065        SSL_CTX_free(ret);
(gdb)
3066        return NULL;

where FIPS_mode() returns 0, even though FIPS is enabled on the machine. I wanted
to find what causes FIPS_module_mode_set to be called with 0, and found
out that this code from r1781187 did it:

/*
 * Try to kill the internals of the SSL library.
*/
#ifdef HAVE_FIPS
     FIPS_mode_set(0);
#endif

+ backtrace:

Breakpoint 1, FIPS_module_mode_set (onoff=onoff@entry=0) at crypto/fips/fips.c:418
418     {
(gdb) bt
#0  FIPS_module_mode_set (onoff=onoff@entry=0) at crypto/fips/fips.c:418
#1  0x00007fffe8e3319c in FIPS_mode_set (r=r@entry=0) at crypto/o_fips.c:28
#2  0x00007fffe941e15f in ssl_cleanup_pre_config (data=<optimized out>) at mod_ssl.c:335
#3  0x00007ffff6dea00e in run_cleanups (cref=<optimized out>) at memory/unix/apr_pools.c:2629
#4  apr_pool_clear (pool=0x5555557e8848) at memory/unix/apr_pools.c:947
#5  0x0000555555577862 in reset_process_pconf (process=0x5555557e6928) at main.c:291
#6  0x00005555555771e4 in main (argc=<optimized out>, argv=<optimized out>) at main.c:750
(gdb) p onoff
$2 = 0
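
The failure chain traced in this report, as an added C model that is not part of the original report and is not httpd or OpenSSL code: a cleanup between two configuration passes switches FIPS mode off, context creation then returns NULL, and a checked initialiser reports the error instead of dereferencing it. All model_* names, host_fips and lib_fips_mode are hypothetical, and the model assumes the first pass runs with FIPS mode on.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model: none of these names are OpenSSL or httpd functions. */
static int host_fips = 1;      /* assumption: host enforces FIPS, MD5 unavailable */
static int lib_fips_mode = 1;  /* assumption: library starts in FIPS mode */

typedef struct { unsigned long options; } model_ctx;
static model_ctx storage;

/* Mirrors the traced branch: outside FIPS mode the constructor wants MD5. */
static model_ctx *model_ctx_new(void) {
    if (!lib_fips_mode && host_fips)
        return NULL;           /* the "goto err2 ... return NULL" path */
    storage.options = 0;
    return &storage;
}

/* Mirrors the pool cleanup in the backtrace, which switches FIPS mode off. */
static void model_cleanup_pre_config(void) { lib_fips_mode = 0; }

/* Checked initialisation: fail the config pass instead of using NULL. */
static int model_init_ctx(model_ctx **out) {
    *out = model_ctx_new();
    if (*out == NULL) {
        fprintf(stderr, "model: context creation failed, fips_mode=%d\n",
                lib_fips_mode);
        return -1;
    }
    (*out)->options |= 0x1UL;  /* only reached with a valid context */
    return 0;
}

/* Runs two config passes with the cleanup between them.
   Returns 0 if both pass, 1 if only the second fails, 2 otherwise. */
static int model_two_passes(void) {
    model_ctx *ctx = NULL;
    lib_fips_mode = 1;
    int first = model_init_ctx(&ctx);
    model_cleanup_pre_config();
    int second = model_init_ctx(&ctx);
    if (first == 0 && second == 0) return 0;
    return (first == 0 && second == -1 && ctx == NULL) ? 1 : 2;
}

int main(void) {
    printf("two-pass result: %d\n", model_two_passes());
    return 0;
}
```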
