Claus Assmann wrote: > I'm getting a crash in sha1_block_data_order_ssse3() but currently > I don't know how to debug this further as I'm not very familiar > with the internals... Any suggestions for tracking this down are > appreciated, e.g., is it something in the application or in OpenSSL? > The problem is 100% reproducible in this application (SMTP server) > but it doesn't happen in others (e.g., sendmail 8) using the same > OpenSSL setup. I found some other instances of this crash online > but seemingly without conclusion what's actually wrong. > > Here's some information: > > $ openssl version -a > OpenSSL 1.0.1e 11 Feb 2013 > built on: Fri Dec 13 06:33:28 PST 2013 > platform: debug-BSD-x86_64 > options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) > compiler: gcc -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT > -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIOS -g -Wall -DOPENSSL_IA32_SSE2 > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM > -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM > -DWHIRLPOOL_ASM -DGHASH_ASM > OPENSSLDIR: "/home/ca/FreeBSD" > > Note: this only happens (so far) on *BSD x86_64 (it doesn't crash > on Linux x86_64 which should use the same asm code and of course > the application works fine on other platforms or when OpenSSL is > configured with no-asm). > Here's a gdb session (some parts omitted, it's rather long): > > 271 if (k > 0) > (gdb) > 277 MD_Update(&m,&(state[st_idx]),j); > (gdb) > 280 MD_Update(&m,buf,j); > (gdb) > 288 MD_Update(&m,(unsigned char > *)&(md_c[0]),sizeof(md_c)); > (gdb) > 289 MD_Final(&m,local_md); > (gdb) > > Program received signal SIGBUS, Bus error. > sha1_block_data_order_ssse3 () at sha1-x86_64.s:1328 > 1328 movdqa %xmm0,0(%rsp)
> Current language: auto; currently asm > > (gdb) where > #0 sha1_block_data_order_ssse3 () at sha1-x86_64.s:1328 > #1 0x0000000000000070 in ?? () > #2 0x0000000000724150 in ?? () > #3 0x0000000000000000 in ?? () > > (gdb) i all ... > rsp 0x800736048 0x800736048 Apparently, stack can be misaligned on BSD (nasty! is it even allowed by amd64 ABI?), and openssl fails to deal with it (funnily, it aligns stack in non-ssse3 version [where it is only efficiency issue], but fails to do this in ssse3 version [where it is mandatory]). (And on linux stack is always 16-byte aligned.) *Completely untested* patch attached.
>From 353a961d102fb26188078b8f9dd9a37d22e3f6e8 Mon Sep 17 00:00:00 2001 From: "Yuriy M. Kaminskiy" <yum...@gmail.com> Date: Sun, 15 Dec 2013 22:43:49 +0400 Subject: [PATCH] sha/asm/sha1-x86_64.pl ssse3: enforce stack alignment Stack can be misaligned on some BSD, resulting in exception. > Program received signal SIGBUS, Bus error. > sha1_block_data_order_ssse3 () at sha1-x86_64.s:1328 > 1328 movdqa %xmm0,0(%rsp) > (gdb) i all ... > rsp 0x800736048 0x800736048. Reported-by: Claus Assmann <ca+ssl-...@esmtp.org> --- crypto/sha/asm/sha1-x86_64.pl | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) !!! XXX XXX XXX ONLY COMPILE-TESTED XXX XXX XXX !!! diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl index f15c7ec..172a8cd 100755 --- a/crypto/sha/asm/sha1-x86_64.pl +++ b/crypto/sha/asm/sha1-x86_64.pl @@ -311,7 +311,9 @@ _ssse3_shortcut: push %rbx push %rbp push %r12 + mov %rsp,%rbp lea `-64-($win64?5*16:0)`(%rsp),%rsp + and \$-64,%rsp ___ $code.=<<___ if ($win64); movaps %xmm6,64+0(%rsp) @@ -701,7 +703,7 @@ $code.=<<___ if ($win64); movaps 64+64(%rsp),%xmm10 ___ $code.=<<___; - lea `64+($win64?5*16:0)`(%rsp),%rsi + mov %rbp, %rsi mov 0(%rsi),%r12 mov 8(%rsi),%rbp mov 16(%rsi),%rbx -- 1.7.6.3