We are seeing a segfault when TLS 1.2 is enabled with OpenSSL 1.0.1e (also
with 1.0.1a). We are running Apache Traffic Server on RHEL6 and when we
upgraded OpenSSL from 1.0.0 to 1.0.1 we started seeing this issue. I was
able to narrow down the issue to TLS 1.2 by disabling TLS 1.2. The crash
consistently happens in less than 1 hour when receiving production load
(~1000 requests per second) where approx. 15-20% of requests are https.
Some more details can be obtained from the traffic server reported bug
(https://issues.apache.org/jira/browse/TS-2355). I don't know anything
about OpenSSL but did some poking around on the core dump (maybe this will
help):
[OS-RHEL6 OpenSSL-1.0.1e debug build]
Program terminated with signal 11, Segmentation fault.
#0 0x00002aed38e036b1 in EVP_DigestFinal_ex (ctx=0x2aed482007d0,
md=0x2aed48200750 "", size=0x2aed48200804) at digest.c:271
271 digest.c: No such file or directory.
in digest.c
Missing separate debuginfos, use: debuginfo-install
expat-2.0.1-11.el6_2.x86_64 glibc-2.12-1.107.el6.x86_64
hwloc-1.5-1.el6.x86_64 libattr-2.4.44-7.el6.x86_64
libcap-2.16-5.5.el6.x86_64 libevent-1.4.13-4.el6.x86_64
libgcc-4.4.7-3.el6.x86_64 libstdc++-4.4.7-3.el6.x86_64
libxml2-2.7.6-12.el6_4.1.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64
numactl-2.0.7-6.el6.x86_64 openssl-1.0.0-27.el6.x86_64
pciutils-libs-3.1.10-2.el6.x86_64 pcre-7.8-6.el6.x86_64
tcl-8.5.7-6.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64
zlib-1.2.3-29.el6.x86_64
(gdb) where
#0 0x00002aed38e036b1 in EVP_DigestFinal_ex (ctx=0x2aed482007d0,
md=0x2aed48200750 "", size=0x2aed48200804) at digest.c:271
#1 0x00002aed38ab0c0b in tls1_final_finish_mac (s=0x2aedd06d7990,
str=0x2aed38ad7869 "client finished", slen=15, out=0x2aedd04b0b24 "") at
t1_enc.c:926
#2 0x00002aed38aa413c in ssl3_do_change_cipher_spec (s=0x2aedd06d7990) at
s3_pkt.c:1462
#3 0x00002aed38aa3c58 in ssl3_read_bytes (s=0x2aedd06d7990, type=22,
buf=0x2aedd0388400 "\020", len=4, peek=0) at s3_pkt.c:1306
#4 0x00002aed38aa5068 in ssl3_get_message (s=0x2aedd06d7990, st1=8608,
stn=8609, mt=-1, max=516, ok=0x2aed48200a9c) at s3_both.c:451
#5 0x00002aed38a93ed7 in ssl3_get_cert_verify (s=0x2aedd06d7990) at
s3_srvr.c:2924
#6 0x00002aed38a8f25c in ssl3_accept (s=0x2aedd06d7990) at s3_srvr.c:677
#7 0x00002aed38ac131c in SSL_accept (s=0x2aedd06d7990) at ssl_lib.c:940
#8 0x00000000006710ba in SSLNetVConnection::sslServerHandShakeEvent
(this=0x2aedc0129cb0, err=@0x2aed48200d1c) at SSLNetVConnection.cc:488
#9 0x0000000000672977 in SSLNetVConnection::sslStartHandShake
(this=0x2aedc0129cb0, event=<value optimized out>, err=@0x2aed48200d1c) at
SSLNetVConnection.cc:470
#10 0x0000000000671bd2 in SSLNetVConnection::net_read_io
(this=0x2aedc0129cb0, nh=0x2aed42834bf0, lthread=0x2aed42831010) at
SSLNetVConnection.cc:217
#11 0x000000000067b6b2 in NetHandler::mainNetEvent (this=0x2aed42834bf0,
event=<value optimized out>, e=<value optimized out>) at UnixNet.cc:386
#12 0x00000000006a314f in handleEvent (this=0x2aed42831010, e=0x113cc70,
calling_code=5) at I_Continuation.h:146
#13 EThread::process_event (this=0x2aed42831010, e=0x113cc70,
calling_code=5) at UnixEThread.cc:141
#14 0x00000000006a3b33 in EThread::execute (this=0x2aed42831010) at
UnixEThread.cc:265
#15 0x00000000006a1fea in spawn_thread_internal (a=0x1349630) at
Thread.cc:88
#16 0x00002aed3934d851 in start_thread () from /lib64/libpthread.so.0
#17 0x000000324f0e890d in clone () from /lib64/libc.so.6
(gdb) f 7
#7 0x00002aed38ac131c in SSL_accept (s=0x2aedd06d7990) at ssl_lib.c:940
940 ssl_lib.c: No such file or directory.
in ssl_lib.c
(gdb) print *s
$1 = {version = 769, type = 8192, method = 0x2aed38ce6e00, rbio =
0x2aedd024f760, wbio = 0x2aedd006a7e0, bbio = 0x2aedd006a7e0, rwstate = 1,
in_handshake = 1, handshake_func = 0x2aed38a8e41e <ssl3_accept>, server =
1, new_session = 0,
quiet_shutdown = 1, shutdown = 0, state = 8608, rstate = 240, init_buf =
0x2aedd055b2d0, init_msg = 0x2aedd0388404, init_num = 0, init_off = 0,
packet = 0x2aee3816fbf3 "\024\003\001", packet_length = 0, s2 = 0x0, s3 =
0x2aedd04b0810,
d1 = 0x0, read_ahead = 0, msg_callback = 0, msg_callback_arg = 0x0, hit
= 0, param = 0x2aedd00060e0, cipher_list = 0x0, cipher_list_by_id = 0x0,
mac_flags = 0, enc_read_ctx = 0x2aedd0697ce0, read_hash = 0x2aedd03399a0,
expand = 0x0,
enc_write_ctx = 0x0, write_hash = 0x0, compress = 0x0, cert =
0x2aedd00e4030, sid_ctx_length = 0, sid_ctx = '\000' <repeats 31 times>,
session = 0x2aedd01cc080, generate_session_id = 0, verify_mode = 0,
verify_callback = 0,
info_callback = 0, error = 0, error_code = 0, psk_client_callback = 0,
psk_server_callback = 0, ctx = 0x1344430, debug = 0, verify_result = 0,
ex_data = {sk = 0x2aedd033a6c0, dummy = 0}, client_CA = 0x0, references =
1, options = 21102596,
mode = 0, max_cert_list = 102400, first_packet = 0, client_version =
771, max_send_fragment = 16384, tlsext_debug_cb = 0, tlsext_debug_arg =
0x0, tlsext_hostname = 0x0, servername_done = 1, tlsext_status_type = -1,
tlsext_status_expected = 0, tlsext_ocsp_ids = 0x0, tlsext_ocsp_exts =
0x0, tlsext_ocsp_resp = 0x0, tlsext_ocsp_resplen = -1,
tlsext_ticket_expected = 1, tlsext_ecpointformatlist_length = 0,
tlsext_ecpointformatlist = 0x0,
tlsext_ellipticcurvelist_length = 0, tlsext_ellipticcurvelist = 0x0,
tlsext_opaque_prf_input = 0x0, tlsext_opaque_prf_input_len = 0,
tlsext_session_ticket = 0x0, tls_session_ticket_ext_cb = 0,
tls_session_ticket_ext_cb_arg = 0x0,
tls_session_secret_cb = 0, tls_session_secret_cb_arg = 0x0, initial_ctx
= 0x1344430, next_proto_negotiated = 0x0, next_proto_negotiated_len = 0
'\000', srtp_profiles = 0x0, srtp_profile = 0x0, tlsext_heartbeat = 0,
tlsext_hb_pending = 0,
tlsext_hb_seq = 0, renegotiate = 2, srp_ctx = {SRP_cb_arg = 0x0,
TLS_ext_srp_username_callback = 0, SRP_verify_param_callback = 0,
SRP_give_srp_client_pwd_callback = 0, login = 0x0, N = 0x0, g = 0x0, s =
0x0, B = 0x0, A = 0x0, a = 0x0,
b = 0x0, v = 0x0, info = 0x0, strength = 1024, srp_Mask = 0}}
(gdb) print *s->ctx
$2 = {method = 0x2aed38ce6700, cipher_list = 0x1345360, cipher_list_by_id
= 0x1345240, cert_store = 0x13449a0, sessions = 0x1344850,
session_cache_size = 20480, session_cache_head = 0x2aede82fe200,
session_cache_tail = 0x2aee080010b0,
session_cache_mode = 2, session_timeout = 300, new_session_cb = 0,
remove_session_cb = 0, get_session_cb = 0, stats = {sess_connect = 0,
sess_connect_renegotiate = 0, sess_connect_good = 0, sess_accept = 12625,
sess_accept_renegotiate = 0,
sess_accept_good = 12321, sess_miss = 1549, sess_timeout = 0,
sess_cache_full = 0, sess_hit = 3043, sess_cb_hit = 0}, references = 8057,
app_verify_callback = 0, app_verify_arg = 0x0, default_passwd_callback =
0,
default_passwd_callback_userdata = 0x0, client_cert_cb = 0,
app_gen_cookie_cb = 0, app_verify_cookie_cb = 0, ex_data = {sk = 0x0,
dummy = 0}, rsa_md5 = 0x2aed390f7c20, md5 = 0x2aed390f7c20, sha1 =
0x2aed390f7d20, extra_certs = 0x1346ca0,
comp_methods = 0x1342ce0, info_callback = 0, client_CA = 0x1345060,
options = 21102596, mode = 0, max_cert_list = 102400, cert = 0x1344720,
read_ahead = 0, msg_callback = 0, msg_callback_arg = 0x0, verify_mode = 0,
sid_ctx_length = 0,
sid_ctx = '\000' <repeats 31 times>, default_verify_callback = 0,
generate_session_id = 0, param = 0x1345020, quiet_shutdown = 1,
max_send_fragment = 16384, client_cert_engine = 0x0,
tlsext_servername_callback = 0x675550
<ssl_servername_callback(SSL*, int*, void*)>, tlsext_servername_arg =
0x1343120, tlsext_tick_key_name = "\r(T[\177\025\267\216\326\213ω:\277a)",
tlsext_tick_hmac_key = "]wEz9.Cȕc\237\002_--o",
tlsext_tick_aes_key = "@7\333a\026cf\274\312\346\273]m\344\217A",
tlsext_ticket_key_cb = 0, tlsext_status_cb = 0, tlsext_status_arg = 0x0,
tlsext_opaque_prf_input_callback = 0, tlsext_opaque_prf_input_callback_arg
= 0x0,
psk_identity_hint = 0x0, psk_client_callback = 0, psk_server_callback =
0, freelist_max_len = 32, wbuf_freelist = 0x13451f0, rbuf_freelist =
0x13451d0, srp_ctx = {SRP_cb_arg = 0x0, TLS_ext_srp_username_callback = 0,
SRP_verify_param_callback = 0, SRP_give_srp_client_pwd_callback = 0,
login = 0x0, N = 0x0, g = 0x0, s = 0x0, B = 0x0, A = 0x0, a = 0x0, b =
0x0, v = 0x0, info = 0x0, strength = 1024, srp_Mask = 0},
next_protos_advertised_cb = 0,
next_protos_advertised_cb_arg = 0x0, next_proto_select_cb = 0,
next_proto_select_cb_arg = 0x0, srtp_profiles = 0x0}
(gdb) f 1
#1 0x00002aed38ab0c0b in tls1_final_finish_mac (s=0x2aedd06d7990,
str=0x2aed38ad7869 "client finished", slen=15, out=0x2aedd04b0b24 "") at
t1_enc.c:926
926 t1_enc.c: No such file or directory.
in t1_enc.c
(gdb) print *s->ctx
$3 = {method = 0x2aed38ce6700, cipher_list = 0x1345360, cipher_list_by_id
= 0x1345240, cert_store = 0x13449a0, sessions = 0x1344850,
session_cache_size = 20480, session_cache_head = 0x2aede82fe200,
session_cache_tail = 0x2aee080010b0,
session_cache_mode = 2, session_timeout = 300, new_session_cb = 0,
remove_session_cb = 0, get_session_cb = 0, stats = {sess_connect = 0,
sess_connect_renegotiate = 0, sess_connect_good = 0, sess_accept = 12625,
sess_accept_renegotiate = 0,
sess_accept_good = 12321, sess_miss = 1549, sess_timeout = 0,
sess_cache_full = 0, sess_hit = 3043, sess_cb_hit = 0}, references = 8057,
app_verify_callback = 0, app_verify_arg = 0x0, default_passwd_callback =
0,
default_passwd_callback_userdata = 0x0, client_cert_cb = 0,
app_gen_cookie_cb = 0, app_verify_cookie_cb = 0, ex_data = {sk = 0x0,
dummy = 0}, rsa_md5 = 0x2aed390f7c20, md5 = 0x2aed390f7c20, sha1 =
0x2aed390f7d20, extra_certs = 0x1346ca0,
comp_methods = 0x1342ce0, info_callback = 0, client_CA = 0x1345060,
options = 21102596, mode = 0, max_cert_list = 102400, cert = 0x1344720,
read_ahead = 0, msg_callback = 0, msg_callback_arg = 0x0, verify_mode = 0,
sid_ctx_length = 0,
sid_ctx = '\000' <repeats 31 times>, default_verify_callback = 0,
generate_session_id = 0, param = 0x1345020, quiet_shutdown = 1,
max_send_fragment = 16384, client_cert_engine = 0x0,
tlsext_servername_callback = 0x675550 <ssl_servername_callback(SSL*,
int*, void*)>, tlsext_servername_arg = 0x1343120, tlsext_tick_key_name =
"\r(T[\177\025\267\216\326\213ω:\277a)", tlsext_tick_hmac_key =
"]wEz9.Cȕc\237\002_--o",
tlsext_tick_aes_key = "@7\333a\026cf\274\312\346\273]m\344\217A",
tlsext_ticket_key_cb = 0, tlsext_status_cb = 0, tlsext_status_arg = 0x0,
tlsext_opaque_prf_input_callback = 0, tlsext_opaque_prf_input_callback_arg
= 0x0,
psk_identity_hint = 0x0, psk_client_callback = 0, psk_server_callback =
0, freelist_max_len = 32, wbuf_freelist = 0x13451f0, rbuf_freelist =
0x13451d0, srp_ctx = {SRP_cb_arg = 0x0, TLS_ext_srp_username_callback = 0,
SRP_verify_param_callback = 0, SRP_give_srp_client_pwd_callback = 0,
login = 0x0, N = 0x0, g = 0x0, s = 0x0, B = 0x0, A = 0x0, a = 0x0, b =
0x0, v = 0x0, info = 0x0, strength = 1024, srp_Mask = 0},
next_protos_advertised_cb = 0,
next_protos_advertised_cb_arg = 0x0, next_proto_select_cb = 0,
next_proto_select_cb_arg = 0x0, srtp_profiles = 0x0}
(gdb) f 1
#1 0x00002aed38ab0c0b in tls1_final_finish_mac (s=0x2aedd06d7990,
str=0x2aed38ad7869 "client finished", slen=15, out=0x2aedd04b0b24 "") at
t1_enc.c:926
926 in t1_enc.c
(gdb) info locals
hashsize = 16
i = 72
ctx = {digest = 0x0, engine = 0x0, flags = 0, md_data = 0x0, pctx = 0x0,
update = 0}
buf = '\000' <repeats 48 times>"\320, \a
HH\000\000\000`\365r\320\355*\000\000(\bK\320\355*\000\000\362x\255\070\355
*\000\000`\365r\320\355*\000\000\210\365r\320\355*\000\000\250\365r\320\355
*\000\000\016Q\325\070\001\000\000\000\340|i\320\355*\000\000\200\001\017\0
71\355*\000"
q = 0x2aed48200750 ""
buf2 = '\000' <repeats 11 times>
idx = 0
mask = 16
err = 0
md = 0x2aed390f7c20
(gdb) print s->ctx
$4 = (SSL_CTX *) 0x1344430
(gdb) print s->s3->handshake_dgst
$5 = (EVP_MD_CTX **) 0x2aedd06c1db0
(gdb) print s->s3->handshake_dgst[0]
$6 = (EVP_MD_CTX *) 0x0
(gdb) print s->s3
$7 = (struct ssl3_state_st *) 0x2aedd04b0810
(gdb) print *s->s3
$8 = {flags = 0, delay_buf_pop_ret = 0, read_sequence =
"\000\000\000\000\000\000\000", read_mac_secret_size = 20, read_mac_secret
= "\323b\264g7\345\362\002\222>\276\377\333\350{\204`\032\237\233", '\000'
<repeats 43 times>,
write_sequence = "\000\000\000\000\000\000\000", write_mac_secret_size =
0, write_mac_secret = '\000' <repeats 63 times>, server_random =
"R\246\063\306]\360\331\320/r\363\356S\355!\nD\021\323\n\021\035\070\302\33
0\300Փm\223\\\276",
client_random =
"R\246\063\310\001\273\016͐qձL\v\341\202\235\070\216\250\262\254\343\243Q\2
34M,Y\001\352\063", need_empty_fragments = 0, empty_fragment_done = 0,
init_extra = 0, rbuf = {buf = 0x2aee3816fbf0 "\026\003\001\024\003\001",
len = 16712, offset = 9, left = 0}, wbuf = {buf = 0x2aee38173d40
"P\364\061\025\003\001", len = 16560, offset = 10, left = 0}, rrec = {type
= 20, length = 0, off = 0, data = 0x2aee3816fbf8 "\001", input =
0x2aee3816fbf8 "\001", comp = 0x0,
epoch = 0, seq_num = "\000\000\000\000\000\000\000"}, wrec = {type =
21, length = 7, off = 0, data = 0x2aee38173d48 "\002F", input =
0x2aee38173d48 "\002F", comp = 0x0, epoch = 0, seq_num =
"\000\000\000\000\000\000\000"},
alert_fragment = "\000", alert_fragment_len = 0, handshake_fragment =
"\000\000\000", handshake_fragment_len = 0, wnum = 0, wpend_tot = 2,
wpend_type = 21, wpend_ret = 2, wpend_buf = 0x2aedd04b09e8 "\002F",
handshake_buffer = 0x0,
handshake_dgst = 0x2aedd06c1db0, change_cipher_spec = 1, warn_alert = 0,
fatal_alert = 0, alert_dispatch = 0, send_alert = "\002F", renegotiate =
0, total_renegotiations = 0, num_renegotiations = 0, in_read_app_data = 0,
client_opaque_prf_input = 0x0, client_opaque_prf_input_len = 0,
server_opaque_prf_input = 0x0, server_opaque_prf_input_len = 0, tmp = {
cert_verify_md =
"_\005X\370E\271ׄ\357\207Y\330\024\021-\216\262\303\060]\345\"\326\353ɦ\017
\006'\345\a4", '\000' <repeats 95 times>, finish_md = '\000' <repeats 127
times>, finish_md_len = 0, peer_finish_md = '\000' <repeats 127 times>,
peer_finish_md_len = 0, message_size = 258, message_type = 16,
new_cipher = 0x2aed38ce8400, dh = 0x0, ecdh = 0x0, next_state = 8576,
reuse_message = 0, cert_req = 0, ctype_num = 0, ctype =
"\000\000\000\000\000\000\000\000",
ca_names = 0x0, use_rsa_tmp = 0, key_block_length = 72,
key_block = 0x2aedd072f560
"\323b\264g7\345\362\002\222>\276\377\333\350{\204`\032\237\233\300\247*\35
0{\331c\357\221\006#_^ͭ@\366\363\247\214\067`\366ל*\323j\301\003\243=\240\0
31z\240\314\003\330\004\373\265\266rd\244TɗI\035\034u",
new_sym_enc = 0x2aed390f0180, new_hash = 0x2aed390f7d20,
new_mac_pkey_type = 855, new_mac_secret_size = 20, new_compression = 0x0,
cert_request = 0}, previous_client_finished = '\000' <repeats 63 times>,
previous_client_finished_len = 0 '\000', previous_server_finished =
'\000' <repeats 63 times>, previous_server_finished_len = 0 '\000',
send_connection_binding = 1, next_proto_neg_seen = 0}
(gdb) print *md
$9 = {type = 4, pkey_type = 8, md_size = 16, flags = 0, init =
0x2aed38e0c0bc <init>, update = 0x2aed38e0c0da <update>, final =
0x2aed38e0c10b <final>, copy = 0, cleanup = 0, sign = 0x2aed38dd8490
<RSA_sign>,
verify = 0x2aed38dd8ccc <RSA_verify>, required_pkey_type = {6, 19, 0, 0,
0}, block_size = 64, ctx_size = 100, md_ctrl = 0}
(gdb) print s->s3->tmp.new_cipher->algorithm2
$10 = 49200
(gdb) print ctx->digest->md_size
Cannot access memory at address 0x8
(gdb) f 0
#0 0x00002aed38e036b1 in EVP_DigestFinal_ex (ctx=0x2aed482007d0,
md=0x2aed48200750 "", size=0x2aed48200804) at digest.c:271
271 digest.c: No such file or directory.
in digest.c
(gdb) print ctx->digest->md_size
Cannot access memory at address 0x8
(gdb) print *ctx
$12 = {digest = 0x0, engine = 0x0, flags = 0, md_data = 0x0, pctx = 0x0,
update = 0}
(gdb) f 3
#3 0x00002aed38aa3c58 in ssl3_read_bytes (s=0x2aedd06d7990, type=22,
buf=0x2aedd0388400 "\020", len=4, peek=0) at s3_pkt.c:1306
1306 s3_pkt.c: No such file or directory.
in s3_pkt.c
(gdb) info local
al = 0
i = -1116221696
j = 247265824
ret = 1
n = 1679834243
rr = 0x2aedd04b0930
cb = 0
(gdb) x/5b buf
0x2aedd0388400: 0x10 0x00 0x01 0x02 0x01
(gdb) print *rr
$13 = {type = 20, length = 0, off = 0, data = 0x2aee3816fbf8 "\001", input
= 0x2aee3816fbf8 "\001", comp = 0x0, epoch = 0, seq_num =
"\000\000\000\000\000\000\000"}
(gdb) print s->msg_callback
$14 = (void (*)(int, int, int, const void *, size_t, SSL *, void *)) 0
(gdb) print s->s3->tmp.new_cipher
$15 = (const SSL_CIPHER *) 0x2aed38ce8400
(gdb) print *s->s3->tmp.new_cipher
$16 = {valid = 1, name = 0x2aed38ad652f "RC4-SHA", id = 50331653,
algorithm_mkey = 1, algorithm_auth = 1, algorithm_enc = 4, algorithm_mac =
2, algorithm_ssl = 2, algo_strength = 65, algorithm2 = 49200,
strength_bits = 128, alg_bits = 128}
(gdb) quit
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
