[openssl-dev] [openssl.org #3693] crash in 32-bit OpenSSL (1.0.1j-fips) when external .so dynamically loads libcrypto.so

Seth Grover via RT rt at openssl.org
Tue Feb 10 19:13:11 UTC 2015


Greetings,

I have a reproducible crash in ssleay_rand_add (via SSL_library_init)
under the following scenario:

* x86_64 3.10.59 Linux kernel
* 32-bit OpenSSL 1.0.1j-fips
* C main program (compiled with gcc) linked against openssl libraries at
  compile-time
* Pascal (compiled with the Free Pascal compiler) shared object
  library loading openssl library dynamically at run time

This only occurs with a 32-bit executable (64-bit works fine both
with and without FIPS) and only when using the FIPS canister (32-bit
seems to work fine if not using FIPS).

Upon initialization of the .so, a segfault occurs with the following
backtrace beginning with SSL_library_init:

 #0 ssleay_rand_add at md_rand.c:320
 #1 RAND_add at rand_lib.c:158
 #2 RAND_poll at rand_unix.c:393
 #3 ssleay_rand_bytes at md_rand.c:396
 #4 drbg_get_entropy at rand_lib.c:203
 #5 fips_get_entropy from /usr/lib/libcrypto.so.1.0.0
 #6 FIPS_drbg_instantiate from /usr/lib/libcrypto.so.1.0.0
 #7 RAND_init_fips at rand_lib.c:298
 #8 OPENSSL_init at o_init.c:76
 #9 EVP_add_cipher at names.c:71
 #10 SSL_library_init at ssl_algs.c:68
 #11 INITSSLINTERFACE at fpc/ssl_openssl_lib.pas:2054
 #12 P$FPCLIB_main at fpc/fpclib.lpr:12
 #13 SI_DLL__FPC_SHARED_LIB_START$LONGWORD$POINTER$POINTER from ./libfpclib.so
 #14 call_init at dl-init.c:69
 #15 call_init at dl-init.c:34
 #16 _dl_init at dl-init.c:133
 #17 _dl_start_user from /lib/ld-linux.so.2

I have attached a tarball containing the following:

* all of the source code (C and Pascal)
* a bash script which compiles and runs the sample program/library
* a gdb core file taken upon receipt of the SIGSEGV
* a text file with the backtrace and shared library information

Hopefully with everything in this tarball you will be able to reproduce
the crash.

Please let me know what you find or if there is any additional information
you need.

Thanks,

Seth Grover
sethdgrover at gmail.com

--
Seth Grover

ΜΟΛΩΝ ΛΑΒΕ

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fpc_ssl_fips_32bit_init_crash.tar.gz
Type: application/x-gzip
Size: 460335 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150210/8cd7f660/attachment-0001.bin>

