[openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function
Tiantian Liu via RT
rt at openssl.org
Thu Oct 1 14:18:48 UTC 2015
Hi,
Good morning! Thanks for your response.
I configured my OpenSSL with '-d' option to enable the debugging information. Where I don't know how to use it during my application running.
So I used gcc GDB function to debug.
My application is a multi-process program. I started my application and attached GDB to on process which will call SSL methods.
I got the segmentation fault and dumped the calling stack like:
(gdb)
(gdb) Working Directory: /MCM_Red_Hat_Enterprise5_4_2_16old/
Home Directory: /MCM_Red_Hat_Enterprise5_4_2_16old/
(gdb) attach 3477
Attaching to program: /MCM_Red_Hat_Enterprise5_4_2_16old/mlt_serv4, process 3477
`system-supplied DSO at 0x9e6000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread -1208351024 (LWP 3477)]
[New Thread -1241924720 (LWP 3484)]
[New Thread -1239299184 (LWP 3483)]
[New Thread -1236673648 (LWP 3482)]
[New Thread -1234048112 (LWP 3481)]
[New Thread -1231422576 (LWP 3480)]
Loaded symbols for /usr/lib/libkrb5.so.3
Loaded symbols for /usr/lib/libk5crypto.so.3
Loaded symbols for /usr/lib/libptcoresdk.so.2
Loaded symbols for /lib/libcom_err.so.2
Loaded symbols for /usr/lib/libstdc++.so.6
Loaded symbols for /usr/lib/libssl.so.1.0.0
Loaded symbols for /usr/lib/libcrypto.so.1.0.0
Loaded symbols for /lib/libdl.so.2
Loaded symbols for /lib/i686/nosegneg/libpthread.so.0
Loaded symbols for /lib/i686/nosegneg/libc.so.6
Loaded symbols for /usr/lib/libkrb5support.so.0
Loaded symbols for /lib/libresolv.so.2
Loaded symbols for /lib/libgcc_s.so.1
Loaded symbols for /lib/i686/nosegneg/libm.so.6
Loaded symbols for /lib/ld-linux.so.2
0x009e6402 in __kernel_vsyscall ()
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1231422576 (LWP 3480)]
0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
219 if (s->renegotiate) {
(gdb) where
#0 0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
#1 0x00db211f in ssl3_connect (s=0xb4a03ec8) at s3_clnt.c:209
#2 0x0810bf05 in ConnectSSL_ex (ssl=0xb4a03ec8, sock=8, error=0xb698f13c "072410333.qrl", diag=0xb699ac7c "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg", isDiag=2 '\002', timeout=15) at ../multi_client/source_Host_C_Code/ssl_open.c:556
#3 0x0810c26f in SSL_connect_tr_ex (sslc=0xb698f670, msg=0xb698f13c "072410333.qrl", pssl=0xb698ef10, diag=0xb699ac7c "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg", isDiag=2 '\002') at ../multi_client/source_Host_C_Code/ssl_open.c:693
#4 0x081088e1 in Givex_doSSLConnect (sslc=0xb698f670, dsp=0xb698f647 "¶ô\217\204", CCi=0xb699ab14, IPind=1, ind2=0xb698f208, DiagFile=0xb699ac7c "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg")
at ../multi_client/source_Host_C_Code/openssl.c:1075
#5 0x08101441 in Givex_ConnectSSL (sslc=0xb698f670, dsp=0xb698f647 "¶ô\217\204", CCi=0xb699ab14, Flg=0, DiagFile=0xb699ac7c "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg") at ../multi_client/source_Host_C_Code/GIFT.c:213
#6 0x08103abc in sendtoGivex (TransType=68 'D', CCrq=0xb698fd6c, CCi=0xb699ab14, CCo=0xb6997d10, CCGr=0xb6990f08, OperatorId=0xb699c534 "", DiagFile=0xb699ac7c "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg")
at ../multi_client/source_Host_C_Code/GIFT.c:2166
#7 0x08105041 in GIFT_Authorize_cd (TransType=68 'D', AuthNum=0xb699c4af "", SecurityCode=0xb699c612 "", PromoCode=0xb699c528 "", OperatorId=0xb699c534 "", CCi=0xb699ab14, CCo=0xb6997d10, CCGr=0xb6990f08)
at ../multi_client/source_Host_C_Code/GIFT.c:3013
#8 0x080b7849 in CCm_Authorize_cd (PosNum=0xb699c490 "100001", CardNo=0xb699c45b "603628465812000010140", ExpDate=0xb698ffaa "", AuthNum=0xb699c4af "", Amount=0, TransType=68 'D', CardType=51 '3', Fld3=0xb699c612 "", SAmount=0,
PromoCode=0xb699c528 "", OperatorId=0xb699c534 "", CCi=0xb699ab14, CCo=0xb6997d10, CCGr=0xb6990f08, ProductCodes=0x0) at ../multi_client/source_Host_C_Code/CDCA_M.c:22148
#9 0x08059e94 in Authorize_cd (PosNum=0xb699c490 "100001", CardNo=0xb699c45b "603628465812000010140", ExpDate=0xb699c484 "", AuthNum=0xb699c4af "", Amount=0, TransType=68 'D', CardType=<value optimized out>, Currency=0xb699c4c7 "124",
Fld1=0xb699c4cb "", Fld2=0xb699c4ea "", Fld3=0xb699c612 "", SAmount=0, PromoCode=0xb699c528 "", OperatorId=0xb699c534 "", CCi=0xb699ab14, CCo=0xb6997d10, CCGr=0xb6990f08, ProductCodes=0x0) at mlt_lib4.c:353
#10 0x08064989 in do_one_transaction_post (cln_sock_id=7, CCAuth_Res=0xb6997d10, Tstr=0xb699c458, CCAuth_PC=0xb699d830, CCAuth_Main=0xb699ab14, Tcct=0xb69985f5) at mlt_srv4.c:1668
#11 0x080663f3 in hCCm_OneTransaction () at mlt_srv4.c:2100
#12 0x004a0302 in start_thread () from /lib/i686/nosegneg/libpthread.so.0
#13 0x007dc3ae in clone () from /lib/i686/nosegneg/libc.so.6
(gdb) up
#1 0x00db211f in ssl3_connect (s=0xb4a03ec8) at s3_clnt.c:209
209 SSL_clear(s);
(gdb) down
#0 0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
219 if (s->renegotiate) {
(gdb)
The above message shows my application crash when it tried to refer the ‘renegotiate’ value?
I used the print command
(gdb) print s->renegotiate
And I got the value is :
$1 = 0 /* this means the ‘s->renegotiate’ is 0 */
Could you help me to figure out what happened?
Thanks,
Tyler
-----Original Message-----
From: Wayming Zhang via RT [mailto:rt at openssl.org]
Sent: September-30-15 9:48 AM
To: Tiantian Liu
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function
Is your process terminated or still alive after printing the last trace message?
" Going to call SSL_connect() 15"
If it is terminated already, is there any core dump file generated? If it is still alive, pstack command could help you to see what is happening.
I don't see turning on debug could print any trace in SSL_Connect() funciton. If you want to see what happens inside the function, run your program under debugger and set break point in SSL_Connect(), then run it step by step.
Wayming
On 30/09/15 03:32, Tiantian Liu via RT wrote:
> I downloaded the OpenSSL-1.0.1p.
>
> I configured it as :
>
> [root at lin5ent openssl-1.0.1p]# ./config -d --prefix=/usr/ shared
> threads
>
> /****************************************************************
> ******The configuration result
> as****************************************
>
> Operating system: i686-whatever-linux2 Configuring for debug-linux-elf
> Configuring for debug-linux-elf
> no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
> no-gmp [default] OPENSSL_NO_GMP (skip dir)
> no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
> no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
> no-md2 [default] OPENSSL_NO_MD2 (skip dir)
> no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
> no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
> no-sctp [default] OPENSSL_NO_SCTP (skip dir)
> no-store [experimental] OPENSSL_NO_STORE (skip dir)
> no-unit-test [default] OPENSSL_NO_UNIT_TEST (skip dir)
> no-zlib [default]
> no-zlib-dynamic [default]
> IsMK1MF=0
> CC =gcc
> CFLAG =-fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
> EX_LIBS =-lefence -ldl
> CPUID_OBJ =x86cpuid.o
> BN_ASM =bn-586.o co-586.o x86-mont.o x86-gf2m.o
> DES_ENC =des-586.o crypt586.o
> AES_ENC =aes-586.o vpaes-x86.o aesni-x86.o
> BF_ENC =bf-586.o
> CAST_ENC =c_enc.o
> RC4_ENC =rc4-586.o
> RC5_ENC =rc5-586.o
> MD5_OBJ_ASM =md5-586.o
> SHA1_OBJ_ASM =sha1-586.o sha256-586.o sha512-586.o
> RMD160_OBJ_ASM=rmd-586.o
> CMLL_ENC =cmll-x86.o
> MODES_OBJ =ghash-x86.o
> ENGINES_OBJ =
> PROCESSOR =
> RANLIB =/usr/bin/ranlib
> ARFLAGS =
> PERL =/usr/bin/perl
> THIRTY_TWO_BIT mode
> DES_PTR used
> DES_RISC1 used
> DES_UNROLL used
> BN_LLONG mode
> RC4_INDEX mode
> RC4_CHUNK is undefined
> e_os2.h => include/openssl/e_os2.h
> making links in crypto...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto'
> crypto.h => ../include/openssl/crypto.h opensslv.h =>
> ../include/openssl/opensslv.h opensslconf.h =>
> ../include/openssl/opensslconf.h ebcdic.h =>
> ../include/openssl/ebcdic.h symhacks.h =>
> ../include/openssl/symhacks.h ossl_typ.h =>
> ../include/openssl/ossl_typ.h constant_time_test.c =>
> ../test/constant_time_test.c making links in crypto/objects...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/objects'
> objects.h => ../../include/openssl/objects.h obj_mac.h =>
> ../../include/openssl/obj_mac.h
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/objects'
> making links in crypto/md4...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/md4'
> md4.h => ../../include/openssl/md4.h
> md4test.c => ../../test/md4test.c
> md4.c => ../../apps/md4.c
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/md4'
> making links in crypto/md5...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/md5'
> md5.h => ../../include/openssl/md5.h
> md5test.c => ../../test/md5test.c
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/md5'
> making links in crypto/sha...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/sha'
> sha.h => ../../include/openssl/sha.h
> shatest.c => ../../test/shatest.c
> sha1test.c => ../../test/sha1test.c
> sha256t.c => ../../test/sha256t.c
> sha512t.c => ../../test/sha512t.c
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/sha'
> making links in crypto/mdc2...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/mdc2'
> mdc2.h => ../../include/openssl/mdc2.h mdc2test.c =>
> ../../test/mdc2test.c
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/mdc2'
> making links in crypto/hmac...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/hmac'
> hmac.h => ../../include/openssl/hmac.h ......
> srptest.c => ../../test/srptest.c
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/srp'
> making links in crypto/cmac...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/cmac'
> cmac.h => ../../include/openssl/cmac.h
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/cmac'
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto'
> making links in ssl...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/ssl'
> ssl.h => ../include/openssl/ssl.h
> ssl2.h => ../include/openssl/ssl2.h
> ssl3.h => ../include/openssl/ssl3.h
> ssl23.h => ../include/openssl/ssl23.h
> tls1.h => ../include/openssl/tls1.h
> dtls1.h => ../include/openssl/dtls1.h
> kssl.h => ../include/openssl/kssl.h
> srtp.h => ../include/openssl/srtp.h
> ssltest.c => ../test/ssltest.c
> heartbeat_test.c => ../test/heartbeat_test.c
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/ssl'
> making links in engines...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/engines'
> making links in engines/ccgost...
> make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
> make[2]: Nothing to be done for `links'.
> make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines'
> making links in apps...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/apps'
> make[1]: Nothing to be done for `links'.
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/apps'
> making links in test...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
> make[1]: Nothing to be done for `links'.
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'
> making links in tools...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/tools'
> make[1]: Nothing to be done for `links'.
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/tools'
> generating dummy tests (if needed)...
> make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
> make[1]: Nothing to be done for `generate'.
> make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'
>
> Configured for debug-linux-elf.
>
> ***********************************************************/
>
>
>
> Then I make it and got the ERROR message Told me undefined reference
> to 'pthread_mutex_trylock'
> Then I added '-lpthread' into the FLAG in Makefile. Then I went through and compiled successfully.
>
> Then I will ran my application again to see how SSL_connect() crash....
> Any requirement for me to start my application with OpenSSL (with
> debug enabled)? I mean to show me more information inside
> SSL_connect()
>
> Thanks,
> Tyler
>
>
>
>
>
> -----Original Message-----
> From: Matt Caswell via RT [mailto:rt at openssl.org]
> Sent: September-29-15 10:55 AM
> To: Tiantian Liu
> Cc: openssl-dev at openssl.org<mailto:openssl-dev at openssl.org>
> Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash
> happened inside SSL_Connect function
>
>
>
> On 29/09/15 15:45, Tiantian Liu via RT wrote:
>> Hi Matt,
>> Thanks for prompt response!
>> While I confirm with you that my application crashed INSIDE the SSL_connect() function.
> Your previous email indicated it was not crashing with SSLv23_method():
> "While the above code didn't work. I couldn't reach the server. Though the SSL_connect() didn't crash, it returned as..."
>
> So my advice was meant for that scenario.
>
>> So SSL_connect has no chance to return the 'res' value to me for analysis.
>> Because I inserted a debug message before and after SSL_connect(). You can see it in the following code.
>>
>> /*
>> My debug statement wrote the " Going to call SSL_connect() 15" into my trace file
>> And this message string is THE LAST message in my trace file.
>> */
>> if (isDiag) {
>> SerialWriteTestLine_int_Time("Going to call SSL_connect()", timeout, diag);
>> }
>> res = SSL_connect(ssl);
>> /*
>> Oooop!!! The following statement was not executed! No debug message in my trace file anymore.
>> */
>> if (isDiag) {
>> SerialWriteTestLine_int_Time("SSL_connect res ", res, diag);
>> }
>> if (res <= 0) {
>> sslerror = SSL_get_error(ssl, res);
>> if (sslerror == SSL_ERROR_WANT_READ) {
>> isexp = is_expired(exptime);
>> if (isexp == 1) {
>> if (isDiag) {
>> SerialWriteTestLine_int_Time("ConnectSSL [SSL_connect(ssl)] failed Timeout", timeout, diag);
>> }
>> strcpy(error, "SSL connect error");
>> return 0;
>> }
>> continue;
>> }
>>
>> So, do you have any idea to get more information inside the SSL_connect?
> If its actually crashing then we need to see a backtrace and a wireshark packet capture.
>
>> Should I re-compile and re-install OpenSSL lib?
>> I tried to configure OpenSSL with option '-d' to enable the debug feature, while I got compilation error.
>>
> You should not get a compilation error. Please post the steps you took to compile the library and the compilation error you received.
>
>
> Matt
>
>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
More information about the openssl-dev
mailing list