Problems in OCSP_basic_sign() - not thread safe ?

Tue, 18 Nov 2008 12:14:45 -0800 

Hi all,

I am working on a multi threaded OCSP server based on OpenSSL. When I
switched from multi-process server (fork()) to a multi-threaded version
I got strange errors (segfaults).

I tracked down the problem, and the error seems to be within the openssl
libs - in particular in the OCSP_basic_sign() function.

When crashing this is the execution stack status:

#0  sk_pop_free (st=<value optimized out>, func=Could not find the frame
     base for "sk_pop_free".) at stack.c:288
#1  0x03d4f800 in EVP_PKEY_free (x=<value optimized out>) at p_lib.c:468
#2  0x03d753b2 in X509_check_private_key (x=<value optimized out>, k=<value
     optimized out>) at x509_cmp.c:416
#3  0x03da3fec in OCSP_basic_sign (brsp=<value optimized out>, signer=<value
     optimized out>, key=<value optimized out>, dgst=<value optimized out>,
     certs=<value optimized out>, flags=<value optimized out>) at ocsp_srv.c:215
#4  0x0804c422 in make_ocsp_response (req=0x985024d8, conf=0x9cbaa10,
     pkey=0xa3a8b30) at ocsp_response.c:173
#5  0x080509d2 in thread_main (arg=0x2b) at threads.c:190
#6  0x00c4f32f in start_thread (arg=<value optimized out>) at 
pthread_create.c:297
#7  0x00b8a20e in clone () from /lib/libc.so.6

Anybody has any idea about what is going on here ? #7->#4 is in my server code,
while #3->#0 is in openssl lib. Anybody has had same problems ? A possible
problem could be that the X509_get_pubkey() call fails but no error checking is
performed - therefore the EVP_PKEY_free() would cause the segfault... but at 
this
point is just speculation...

Later,
Max

--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]  [EMAIL PROTECTED]
                                                  [EMAIL PROTECTED]

Dartmouth Computer Science Dept               Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory                          Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

People who think they know everything are a great annoyance to those of us
who do.
                                                           -- Isaac Asimov

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to