On Tue, Jun 06, 2017 at 09:18:25PM +1000, Jonathan Gray wrote:
> when using a server.key with a passphrase, i.e.
> 
> openssl genrsa -aes256 -out /etc/ssl/private/server.key 2048
> 
> server "default" {
>       listen on * port 80
>       listen on * tls port 443
>       directory { auto index }
> }
> 
> types {
>       include "/usr/share/misc/mime.types"
>       text/plain      "log"
> }
> 
> httpd(96368): syscall 5 "wpath"
> httpd(87490): syscall 5 "wpath"
> httpd(30649): syscall 5 "wpath"

This very much sounds like "Doctor! Doctor! If I do this it hurts!"

In case anyone wonders if adding wpath to the pledge would solve this,
it is not the right solution; also, it will not get you very far since
libcrypto is trying to dick around with /dev/tty. You will probably be
killed shortly afterwards because of missing tty pledge...

I'm wondering if relayd is handling this better. If yes, we should
bring over the crypto engine, if no we should fix relayd and then
bring over the crypto engine.

> 
> #0  0x0000022b9356bc0a in _thread_sys_open () at {standard input}:5
> #1  0x0000022b935d6299 in *_libc_open_cancel (path=Variable "path" is not 
> available.
> ) at /usr/src/lib/libc/sys/w_open.c:36
> #2  0x0000022b9359a642 in *_libc_fopen (file=0x22b2db5c9be "/dev/tty", 
> mode=Variable "mode" is not available.
> ) at /usr/src/lib/libc/stdio/fopen.c:54
> #3  0x0000022b2d92d26f in open_console (ui=Variable "ui" is not available.
> ) at /usr/src/lib/libcrypto/ui/ui_openssl.c:304
> #4  0x0000022b2d9e65da in UI_process (ui=0x22b217187c0) at 
> /usr/src/lib/libcrypto/ui/ui_lib.c:455
> #5  0x0000022b2d954b8f in EVP_read_pw_string_min (buf=0x7f7fffff19f0 "", 
> min=4, len=Variable "len" is not available.
> ) at /usr/src/lib/libcrypto/evp/evp_key.c:117
> #6  0x0000022b2d9dc018 in PEM_def_callback (buf=0x7f7fffff19f0 "", num=1024, 
> w=0, key=Variable "key" is not available.
> ) at /usr/src/lib/libcrypto/pem/pem_lib.c:113
> #7  0x0000022b2d9dc2c4 in PEM_do_header (cipher=0x7f7fffff1ec0,
>     data=0x22bc09b6000 
> "d\vQ\212\222????????\035\006\227\221\004????.H\033\225Y????\nmKql}1i\034??P????z\033a@??\232??\220N??\037??APfVs\005r\226??\030\2273T????W\t\201??????\217??+\2033?????^\226D\2340z:-+g\226????*??\034",
>  plen=0x7f7fffff1ee8, callback=Variable "callback" is not available.
> )
>     at /usr/src/lib/libcrypto/pem/pem_lib.c:447
> #8  0x0000022b2d9dc64c in PEM_bytes_read_bio (pdata=0x7f7fffff1f68, 
> plen=0x7f7fffff1f60, pnm=0x7f7fffff1f78,
>     name=0x22b2db5dcb5 "ANY PRIVATE KEY", bp=0x22b514c9e00, cb=0, u=0x0) at 
> /usr/src/lib/libcrypto/pem/pem_lib.c:296
> #9  0x0000022b2d93112f in PEM_read_bio_PrivateKey (bp=Variable "bp" is not 
> available.
> ) at /usr/src/lib/libcrypto/pem/pem_pkey.c:90
> #10 0x0000022b6ef43b62 in tls_configure_ssl_keypair (ctx=0x22b514c9e80, 
> ssl_ctx=0x22bcc86ce00, keypair=0x22b9294df00, required=Variable "required" is 
> not available.
> )
>     at /usr/src/lib/libtls/tls.c:347
> #11 0x0000022b6ef42135 in tls_configure_server_ssl (ctx=0x22b514c9e80, 
> ssl_ctx=0x22b514c9eb8, keypair=0x22b9294df00)
>     at /usr/src/lib/libtls/tls_server.c:261
> #12 0x0000022b6ef427a1 in tls_configure_server (ctx=0x22b514c9e80) at 
> /usr/src/lib/libtls/tls_server.c:361
> #13 0x0000022920b1413c in server_tls_init (srv=0x22bd885d000) at 
> /usr/src/usr.sbin/httpd/server.c:297
> #14 0x0000022920b1431c in server_launch () at 
> /usr/src/usr.sbin/httpd/server.c:359
> #15 0x0000022920b16759 in server_dispatch_parent (fd=3, p=0x22920d301c0, 
> imsg=0x7f7fffff25a0) at /usr/src/usr.sbin/httpd/server.c:1289
> #16 0x0000022920b12f99 in proc_dispatch (fd=3, event=2, arg=0x22c12810000) at 
> /usr/src/usr.sbin/httpd/proc.c:652
> #17 0x0000022c070a0808 in event_base_loop (base=0x22b94f5d000, flags=Variable 
> "flags" is not available.
> ) at /usr/src/lib/libevent/event.c:350
> #18 0x0000022920b12db4 in proc_run (ps=0x22c0f506000, p=0x22920d30080, 
> procs=0x22920d301c0, nproc=2, run=0x22920b1424d <server_init>,
>     arg=0x0) at /usr/src/usr.sbin/httpd/proc.c:594
> #19 0x0000022920b137b1 in server (ps=0x22c0f506000, p=0x22920d30080) at 
> /usr/src/usr.sbin/httpd/server.c:87
> #20 0x0000022920b11da5 in proc_init (ps=0x22c0f506000, procs=0x22920d30080, 
> nproc=2, argc=5, argv=0x7f7fffff2898, proc_id=PROC_SERVER)
>     at /usr/src/usr.sbin/httpd/proc.c:249
> #21 0x0000022920b0ac57 in main (argc=0, argv=0x7f7fffff2898) at 
> /usr/src/usr.sbin/httpd/httpd.c:218
> 

-- 
I'm not entirely sure you are real.
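
The backtrace quoted above ends in libcrypto's default PEM passphrase callback opening /dev/tty because the key is encrypted. As an added example (not part of the original message, and not httpd or libtls code), here is a preflight check that classifies a key file from its PEM armour before a pledged process tries to load it; the function name `pem_key_needs_passphrase` and the sample keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples: armour and headers only, key bodies are placeholders. */
static const char SAMPLE_TRADITIONAL_ENC[] =
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    "AAAA\n-----END RSA PRIVATE KEY-----\n";
static const char SAMPLE_PKCS8_ENC[] =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n";
static const char SAMPLE_PLAIN[] =
    "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n";

/* Does the single line starting at `line` contain `needle` (needle has no newline)? */
static int line_has(const char *line, const char *needle)
{
    const char *hit = strstr(line, needle);
    return hit != NULL && hit < line + strcspn(line, "\r\n");
}
static const char *next_line(const char *line)
{
    const char *nl = strchr(line, '\n');
    return nl ? nl + 1 : line + strlen(line);
}

/* 1: loading would ask for a passphrase, 0: unencrypted key, -1: no private key. */
int pem_key_needs_passphrase(const char *pem)
{
    int seen_key = 0;
    for (const char *l = pem; *l != '\0'; l = next_line(l)) {
        if (strncmp(l, "-----BEGIN ", 11) != 0 || !line_has(l, "PRIVATE KEY-----"))
            continue;               /* not the start of a private key block */
        seen_key = 1;
        if (line_has(l, "ENCRYPTED PRIVATE KEY-----"))
            return 1;               /* PKCS#8 encrypted container */
        const char *hdr = next_line(l);
        if (strncmp(hdr, "Proc-Type:", 10) == 0 && line_has(hdr, "ENCRYPTED"))
            return 1;               /* traditional PEM encryption header */
    }
    return seen_key ? 0 : -1;
}

int main(void)
{
    printf("traditional=%d pkcs8=%d plain=%d\n", pem_key_needs_passphrase(SAMPLE_TRADITIONAL_ENC),
           pem_key_needs_passphrase(SAMPLE_PKCS8_ENC), pem_key_needs_passphrase(SAMPLE_PLAIN));
    return 0;
}
```

The traditional sample has the header layout that `openssl genrsa -aes256` writes, which is the case from the report.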
