Re: bn_mul_add_words() hangs on my linux-x86_64 built

[Andy Polyakov]

Brendan,

run "make tests" in the OpenSSL build tree, or even "openssl speed rsa".
That'll test the code paths with known good code.
If it doesn't hang it's a problem in your code somewhere (try running under
valgrind at that point)- if it does hang , you should get better
diagnostics from make tests.

Well, my question is what is "hang" more specifically. Stack back-trace 
is always useful, you've got to tell how it was obtained. Crash-dump 
analysis? Or simply attaching to running process with debugger (or 
running pstack, which is essentially same)? Normally application is 
considered hanging, when it doesn't reply to input. Should we rule out 
crash-dump analysis then? Because it's unlikely that one would refer to 
crashed program as hanging... Let's try to assume that...

One of the reasons for a "hang" (as opposite to crash) is that program 
ends up in an end-less loop. But in this case if we assume that end-less 
loop is in bn_mul_add_words (as suggested), then there is no way you can 
get consistent back-trace (I mean every back-trace would show different 
program counter value), not to mention there is hardly a chance for 
bn_mul_add_words to run forever, it would crash with SEGV pretty soon 
(unless program is really and using a lot of memory, is it?). Or maybe 
end-less loop is elsewhere. But then back-trace won't be reliable either 
and would reveal different call chains at different times. Well, one 
with bn_mul_add_words on top is most *likely* to appear, because that's 
where it customarily spends most of the time. Even though different, 
they would have common "bottom" with the end-less function on the top 
[of the common "bottom"]. What is it then?

Another reason for program to be classified as "hung" is that some 
operation is taking *much* longer time than expected. Now let's have a 
look at back-trace... It appears that application was forced to generate 
RSA key pair, which is not exactly fast operation, not fast at all. 
Moreover if there is some kind of asynchronous timeout mechanism in 
place, and timeout is shorter than time required to generate key pair, 
then application won't ever respond to input. Question is why does it 
generate key pair? This might be happening because application was not 
instructed to use pre-generated key pair complemented with a 
certificate. In which case application would have to generate 
self-signed certificate dynamically, which would take *much* longer time 
than user would every expect, and therefore application would be 
classified as "hung". Proper course of action would be to figure out how 
to provide application in question with certificate.

Or above is completely wrong and we are talking about "crash", not 
"hang"... A.

  From:       Brendan Plougonven <bplougon...@infovista.com>                                                                         
                                                                                                                                     
  To:         "openssl-dev@openssl.org" <openssl-dev@openssl.org>                                                                    
                                                                                                                                     
  Date:       01/09/2010 01:42 AM                                                                                                    
                                                                                                                                     
  Subject:    bn_mul_add_words() hangs on my linux-x86_64 built                                                                      
                                                                                                                                     
  Sent by:    owner-openssl-...@openssl.org                                                                                          
                                                                                                                                     





I built an application that includes omniORB which statically links to
openssl-0.9.8k and it hangs with the following stack:

#0  0x0000002aa7774419 in bn_mul_add_words ()
#1  0x0000002aa77bdd5c in BN_from_montgomery ()
#2  0x0000002aa77bdb7b in BN_mod_mul_montgomery ()
#3  0x0000002aa77b63c0 in BN_mod_exp_mont ()
#4  0x0000002aa77bc93e in witness ()
#5  0x0000002aa77bc880 in BN_is_prime_fasttest_ex ()
#6  0x0000002aa77bc324 in BN_generate_prime_ex ()
#7  0x0000002aa78ca089 in rsa_builtin_keygen ()
#8  0x0000002aa78c9e20 in RSA_generate_key_ex ()
#9  0x0000002aa78c05fa in RSA_generate_key ()
#10 0x0000002aa78b9944 in sslContext::set_ephemeralRSA ()
#11 0x0000002aa78ba06f in sslContext::internal_initialise ()
#12 0x0000002aa78b92af in omni::omni_sslTransport_initialiser::attach ()
#13 0x0000002aa780542c in omni::omni_hooked_initialiser::attach ()
#14 0x0000002aa7802adb in CORBA::ORB_init ()
#15 0x0000002aa76f4926 in CORBAorb::initialize ()

That looks like the issue 11. In the [BUILD] section of the FAQ.
./config –t and openssl version –p give the same value linux-x86_64

I built openssl with:

./Configure shared no-rc5 no-idea enable-fips no-asm no-sse2 linux-x86_64
--prefix=`pwd`

I tried ./config shared, but that led to the same results.

It was built on Red Hat Enterprise Linux AS release 4 (Nahant Update 8).
Linux 2.6.9-67.0.7.EL #1 Wed Feb 27 04:37:13 EST 2008 x86_64 x86_64 x86_64
GNU/Linux
with gcc (GCC) 3.4.6 20060404 (Red Hat 3.4.6-11)

Would anyone have a clue as to what is wrong with my build ?

Brendan
:��I"Ϯ��r�m����(���Z+�7�zZ)���1���x��h���W^��^��%��

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org