[openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

Tiantian Liu via RT rt at openssl.org
Thu Oct 1 15:00:27 UTC 2015


That is ok. Just a test card.
Thanks for your reminder.

While I am sure I installed OpenSSL 1.0.1p to /usr/lib, because I configured it with --prefix=/usr/,
I can redo it and confirm. And I will keep updating the ticket.
Thanks,
Tyler 


-----Original Message-----
From: Richard Moore via RT [mailto:rt at openssl.org] 
Sent: October-01-15 10:58 AM
To: Tiantian Liu
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function

You have just leaked your credit card number to the internet. I'd suggest you cancel your card unless it is a test account.

Rich.


On 1 October 2015 at 15:18, Tiantian Liu via RT <rt at openssl.org> wrote:

> Hi,
>
> Good morning! Thanks for your response.
>
> I configured my OpenSSL with the '-d' option to enable the debugging 
> information, but I don't know how to use it while my application is running.
>
> So I used the gcc GDB function to debug.
>
> My application is a multi-process program. I started my application 
> and attached GDB to one process which will call SSL methods.
> I got the segmentation fault and dumped the call stack like:
>
>
> (gdb)
> (gdb) Working Directory: /MCM_Red_Hat_Enterprise5_4_2_16old/
> Home Directory: /MCM_Red_Hat_Enterprise5_4_2_16old/
>
> (gdb) attach 3477
> Attaching to program: /MCM_Red_Hat_Enterprise5_4_2_16old/mlt_serv4, process 3477
> `system-supplied DSO at 0x9e6000' has disappeared; keeping its symbols.
> [Thread debugging using libthread_db enabled]
> [New Thread -1208351024 (LWP 3477)]
> [New Thread -1241924720 (LWP 3484)]
> [New Thread -1239299184 (LWP 3483)]
> [New Thread -1236673648 (LWP 3482)]
> [New Thread -1234048112 (LWP 3481)]
> [New Thread -1231422576 (LWP 3480)]
> Loaded symbols for /usr/lib/libkrb5.so.3
> Loaded symbols for /usr/lib/libk5crypto.so.3
> Loaded symbols for /usr/lib/libptcoresdk.so.2
> Loaded symbols for /lib/libcom_err.so.2
> Loaded symbols for /usr/lib/libstdc++.so.6
> Loaded symbols for /usr/lib/libssl.so.1.0.0
> Loaded symbols for /usr/lib/libcrypto.so.1.0.0
> Loaded symbols for /lib/libdl.so.2
> Loaded symbols for /lib/i686/nosegneg/libpthread.so.0
> Loaded symbols for /lib/i686/nosegneg/libc.so.6
> Loaded symbols for /usr/lib/libkrb5support.so.0
> Loaded symbols for /lib/libresolv.so.2
> Loaded symbols for /lib/libgcc_s.so.1
> Loaded symbols for /lib/i686/nosegneg/libm.so.6
> Loaded symbols for /lib/ld-linux.so.2
> 0x009e6402 in __kernel_vsyscall ()
> (gdb) c
> Continuing.
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1231422576 (LWP 3480)]
> 0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
> 219         if (s->renegotiate) {
> (gdb) where
> #0  0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
> #1  0x00db211f in ssl3_connect (s=0xb4a03ec8) at s3_clnt.c:209
> #2  0x0810bf05 in ConnectSSL_ex (ssl=0xb4a03ec8, sock=8, 
> error=0xb698f13c "072410333.qrl", diag=0xb699ac7c 
> "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg", isDiag=2 '\002',
> timeout=15) at ../multi_client/source_Host_C_Code/ssl_open.c:556
> #3  0x0810c26f in SSL_connect_tr_ex (sslc=0xb698f670, msg=0xb698f13c 
> "072410333.qrl", pssl=0xb698ef10, diag=0xb699ac7c 
> "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg", isDiag=2 '\002') at
> ../multi_client/source_Host_C_Code/ssl_open.c:693
> #4  0x081088e1 in Givex_doSSLConnect (sslc=0xb698f670, dsp=0xb698f647 
> "¶ô\217\204", CCi=0xb699ab14, IPind=1, ind2=0xb698f208, 
> DiagFile=0xb699ac7c
> "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg")
>     at ../multi_client/source_Host_C_Code/openssl.c:1075
> #5  0x08101441 in Givex_ConnectSSL (sslc=0xb698f670, dsp=0xb698f647 
> "¶ô\217\204", CCi=0xb699ab14, Flg=0, DiagFile=0xb699ac7c
> "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg") at
> ../multi_client/source_Host_C_Code/GIFT.c:213
> #6  0x08103abc in sendtoGivex (TransType=68 'D', CCrq=0xb698fd6c, 
> CCi=0xb699ab14, CCo=0xb6997d10, CCGr=0xb6990f08, OperatorId=0xb699c534 
> "", DiagFile=0xb699ac7c "/MCM_Red_Hat_Enterprise5_4_2_16old/log/211.dg")
>     at ../multi_client/source_Host_C_Code/GIFT.c:2166
> #7  0x08105041 in GIFT_Authorize_cd (TransType=68 'D', 
> AuthNum=0xb699c4af "", SecurityCode=0xb699c612 "", 
> PromoCode=0xb699c528 "",
> OperatorId=0xb699c534 "", CCi=0xb699ab14, CCo=0xb6997d10, CCGr=0xb6990f08)
>     at ../multi_client/source_Host_C_Code/GIFT.c:3013
> #8  0x080b7849 in CCm_Authorize_cd (PosNum=0xb699c490 "100001", 
> CardNo=0xb699c45b "603628465812000010140", ExpDate=0xb698ffaa "", 
> AuthNum=0xb699c4af "", Amount=0, TransType=68 'D', CardType=51 '3',
> Fld3=0xb699c612 "", SAmount=0,
>     PromoCode=0xb699c528 "", OperatorId=0xb699c534 "", CCi=0xb699ab14, 
> CCo=0xb6997d10, CCGr=0xb6990f08, ProductCodes=0x0) at
> ../multi_client/source_Host_C_Code/CDCA_M.c:22148
> #9  0x08059e94 in Authorize_cd (PosNum=0xb699c490 "100001", 
> CardNo=0xb699c45b "603628465812000010140", ExpDate=0xb699c484 "", 
> AuthNum=0xb699c4af "", Amount=0, TransType=68 'D', CardType=<value 
> optimized out>, Currency=0xb699c4c7 "124",
>     Fld1=0xb699c4cb "", Fld2=0xb699c4ea "", Fld3=0xb699c612 "", 
> SAmount=0,
> PromoCode=0xb699c528 "", OperatorId=0xb699c534 "", CCi=0xb699ab14, 
> CCo=0xb6997d10, CCGr=0xb6990f08, ProductCodes=0x0) at mlt_lib4.c:353
> #10 0x08064989 in do_one_transaction_post (cln_sock_id=7, 
> CCAuth_Res=0xb6997d10, Tstr=0xb699c458, CCAuth_PC=0xb699d830, 
> CCAuth_Main=0xb699ab14, Tcct=0xb69985f5) at mlt_srv4.c:1668
> #11 0x080663f3 in hCCm_OneTransaction () at mlt_srv4.c:2100
> #12 0x004a0302 in start_thread () from 
> /lib/i686/nosegneg/libpthread.so.0
> #13 0x007dc3ae in clone () from /lib/i686/nosegneg/libc.so.6
> (gdb) up
> #1  0x00db211f in ssl3_connect (s=0xb4a03ec8) at s3_clnt.c:209
> 209             SSL_clear(s);
> (gdb) down
> #0  0x00dd87e8 in SSL_clear (s=0xb4a03ec8) at ssl_lib.c:219
> 219         if (s->renegotiate) {
> (gdb)
>
> The above message shows my application crashed when it tried to refer 
> to the ‘renegotiate’ value?
> I used the print command
>
> (gdb) print s->renegotiate
> And the value I got is:
> $1 = 0    /* this means the ‘s->renegotiate’ is 0 */
>
> Could you help me to figure out what happened?
> Thanks,
> Tyler
>
>
>
>
> -----Original Message-----
> From: Wayming Zhang via RT [mailto:rt at openssl.org]
> Sent: September-30-15 9:48 AM
> To: Tiantian Liu
> Cc: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash 
> happened inside SSL_Connect function
>
> Is your process terminated or still alive after printing the last 
> trace message?
>
> " Going to call SSL_connect() 15"
>
> If it is terminated already, is there any core dump file generated? If 
> it is still alive, pstack command could help you to see what is happening.
>
> I don't see turning on debug could print any trace in SSL_Connect() 
> function. If you want to see what happens inside the function, run 
> your program under debugger and set break point in SSL_Connect(), then 
> run it step by step.
>
> Wayming
>
>
> On 30/09/15 03:32, Tiantian Liu via RT wrote:
> > I downloaded the OpenSSL-1.0.1p.
> >
> > I configured it as :
> >
> > [root at lin5ent openssl-1.0.1p]# ./config -d --prefix=/usr/ shared threads
> >
> > /****************************************************************
> > ******The configuration result
> > as****************************************
> >
> > Operating system: i686-whatever-linux2
> > Configuring for debug-linux-elf
> > Configuring for debug-linux-elf
> >      no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
> >      no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
> >      no-jpake        [experimental] OPENSSL_NO_JPAKE (skip dir)
> >      no-krb5         [krb5-flavor not specified] OPENSSL_NO_KRB5
> >      no-md2          [default]  OPENSSL_NO_MD2 (skip dir)
> >      no-rc5          [default]  OPENSSL_NO_RC5 (skip dir)
> >      no-rfc3779      [default]  OPENSSL_NO_RFC3779 (skip dir)
> >      no-sctp         [default]  OPENSSL_NO_SCTP (skip dir)
> >      no-store        [experimental] OPENSSL_NO_STORE (skip dir)
> >      no-unit-test    [default]  OPENSSL_NO_UNIT_TEST (skip dir)
> >      no-zlib         [default]
> >      no-zlib-dynamic [default]
> > IsMK1MF=0
> > CC            =gcc
> > CFLAG         =-fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
> > EX_LIBS       =-lefence -ldl
> > CPUID_OBJ     =x86cpuid.o
> > BN_ASM        =bn-586.o co-586.o x86-mont.o x86-gf2m.o
> > DES_ENC       =des-586.o crypt586.o
> > AES_ENC       =aes-586.o vpaes-x86.o aesni-x86.o
> > BF_ENC        =bf-586.o
> > CAST_ENC      =c_enc.o
> > RC4_ENC       =rc4-586.o
> > RC5_ENC       =rc5-586.o
> > MD5_OBJ_ASM   =md5-586.o
> > SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o 
> > RMD160_OBJ_ASM=rmd-586.o
> > CMLL_ENC      =cmll-x86.o
> > MODES_OBJ     =ghash-x86.o
> > ENGINES_OBJ   =
> > PROCESSOR     =
> > RANLIB        =/usr/bin/ranlib
> > ARFLAGS       =
> > PERL          =/usr/bin/perl
> > THIRTY_TWO_BIT mode
> > DES_PTR used
> > DES_RISC1 used
> > DES_UNROLL used
> > BN_LLONG mode
> > RC4_INDEX mode
> > RC4_CHUNK is undefined
> > e_os2.h => include/openssl/e_os2.h
> > making links in crypto...
> > make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto'
> > crypto.h => ../include/openssl/crypto.h opensslv.h => 
> > ../include/openssl/opensslv.h opensslconf.h => 
> > ../include/openssl/opensslconf.h ebcdic.h => 
> > ../include/openssl/ebcdic.h symhacks.h => 
> > ../include/openssl/symhacks.h ossl_typ.h => 
> > ../include/openssl/ossl_typ.h constant_time_test.c => 
> > ../test/constant_time_test.c making links in crypto/objects...
> > make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/objects'
> > objects.h => ../../include/openssl/objects.h obj_mac.h => 
> > ../../include/openssl/obj_mac.h
> > make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/objects'
> > making links in crypto/md4...
> > make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/md4'
> > md4.h => ../../include/openssl/md4.h md4test.c => 
> > ../../test/md4test.c md4.c => ../../apps/md4.c
> > make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/md4'
> > making links in crypto/md5...
> > make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/md5'
> > md5.h => ../../include/openssl/md5.h md5test.c => 
> > ../../test/md5test.c
> > make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/md5'
> > making links in crypto/sha...
> > make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/sha'
> > sha.h => ../../include/openssl/sha.h shatest.c => 
> > ../../test/shatest.c sha1test.c => ../../test/sha1test.c sha256t.c 
> > => ../../test/sha256t.c sha512t.c => ../../test/sha512t.c
> > make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/sha'
> > making links in crypto/mdc2...
> > make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/mdc2'
> > mdc2.h => ../../include/openssl/mdc2.h mdc2test.c => 
> > ../../test/mdc2test.c
> > make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/mdc2'
> > making links in crypto/hmac...
> > make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/hmac'
> > hmac.h => ../../include/openssl/hmac.h ......
> > srptest.c => ../../test/srptest.c
> > make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/srp'
> > making links in crypto/cmac...
> > make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/crypto/cmac'
> > cmac.h => ../../include/openssl/cmac.h
> > make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto/cmac'
> > make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/crypto'
> > making links in ssl...
> > make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/ssl'
> > ssl.h => ../include/openssl/ssl.h
> > ssl2.h => ../include/openssl/ssl2.h
> > ssl3.h => ../include/openssl/ssl3.h
> > ssl23.h => ../include/openssl/ssl23.h tls1.h => 
> > ../include/openssl/tls1.h dtls1.h => ../include/openssl/dtls1.h 
> > kssl.h => ../include/openssl/kssl.h srtp.h => 
> > ../include/openssl/srtp.h ssltest.c => ../test/ssltest.c 
> > heartbeat_test.c => ../test/heartbeat_test.c
> > make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/ssl'
> > making links in engines...
> > make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/engines'
> > making links in engines/ccgost...
> > make[2]: Entering directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
> > make[2]: Nothing to be done for `links'.
> > make[2]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines/ccgost'
> > make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/engines'
> > making links in apps...
> > make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/apps'
> > make[1]: Nothing to be done for `links'.
> > make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/apps'
> > making links in test...
> > make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
> > make[1]: Nothing to be done for `links'.
> > make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'
> > making links in tools...
> > make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/tools'
> > make[1]: Nothing to be done for `links'.
> > make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/tools'
> > generating dummy tests (if needed)...
> > make[1]: Entering directory `/home/tyler28/openssl-1.0.1p/test'
> > make[1]: Nothing to be done for `generate'.
> > make[1]: Leaving directory `/home/tyler28/openssl-1.0.1p/test'
> >
> > Configured for debug-linux-elf.
> >
> > ***********************************************************/
> >
> >
> >
> > Then I made it and got the ERROR message, which told me undefined 
> > reference to 'pthread_mutex_trylock'.
> > Then I added '-lpthread' into the FLAG in the Makefile. Then I went 
> > through and compiled successfully.
> >
> > Then I will run my application again to see how SSL_connect() crashes....
> > Any requirement for me to start my application with OpenSSL (with 
> > debug enabled)? I mean to show me more information inside
> > SSL_connect()
> >
> > Thanks,
> > Tyler
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Matt Caswell via RT [mailto:rt at openssl.org]
> > Sent: September-29-15 10:55 AM
> > To: Tiantian Liu
> > Cc: openssl-dev at openssl.org
> > Subject: Re: [openssl-dev] [openssl.org #4060] AutoReply: a crash 
> > happened inside SSL_Connect function
> >
> >
> >
> > On 29/09/15 15:45, Tiantian Liu via RT wrote:
> >> Hi Matt,
> >> Thanks for prompt response!
> >> While I confirm with you that my application crashed INSIDE the SSL_connect() function.
> > Your previous email indicated it was not crashing with SSLv23_method():
> > "While the above code didn't work. I couldn't reach the server. 
> > Though the SSL_connect() didn't crash, it returned as..."
> >
> > So my advice was meant for that scenario.
> >
> >> So SSL_connect has no chance to return the 'res' value to me for analysis.
> >> Because I inserted a debug message before and after SSL_connect(). 
> >> You can see it in the following code.
> >>
> >>         /*
> >>          * My debug statement wrote the " Going to call SSL_connect() 15"
> >>          * into my trace file
> >>          * And this message string is THE LAST message in my trace file.
> >>          */
> >>         if (isDiag) {
> >>             SerialWriteTestLine_int_Time("Going to call SSL_connect()", timeout, diag);
> >>         }
> >>         res = SSL_connect(ssl);
> >>         /*
> >>          * Oooop!!! The following statement was not executed! No debug
> >>          * message in my trace file anymore.
> >>          */
> >>         if (isDiag) {
> >>             SerialWriteTestLine_int_Time("SSL_connect res ", res, diag);
> >>         }
> >>         if (res <= 0) {
> >>             sslerror = SSL_get_error(ssl, res);
> >>             if (sslerror == SSL_ERROR_WANT_READ) {
> >>                 isexp = is_expired(exptime);
> >>                 if (isexp == 1) {
> >>                     if (isDiag) {
> >>                         SerialWriteTestLine_int_Time("ConnectSSL [SSL_connect(ssl)] failed Timeout", timeout, diag);
> >>                     }
> >>                     strcpy(error, "SSL connect error");
> >>                     return 0;
> >>                 }
> >>                 continue;
> >>             }
> >>
> >> So, do you have any idea to get more information inside the SSL_connect?
> > If it's actually crashing then we need to see a backtrace and a 
> > wireshark packet capture.
> >
> >> Should I re-compile and re-install OpenSSL lib?
> >> I tried to configure OpenSSL with option '-d' to enable the debug
> >> feature, while I got compilation error.
> >>
> > You should not get a compilation error. Please post the steps you 
> > took to compile the library and the compilation error you received.
> >
> >
> > Matt
> >
> >
> >
> > _______________________________________________
> > openssl-dev mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
> >
>
>
>
>
>
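
Richard Moore's point above is that a raw gdb backtrace publishes whatever the application holds in its string arguments. As an added example (not part of the original thread and not OpenSSL code), here is a small scrubber to run over `where` output before posting it. The sensitive parameter names are an assumption taken from the frames quoted in this thread; the sample backtrace and its values are constructed.

```python
import re

# Parameter names whose string values are always masked. Assumption: taken
# from the application frames quoted in this thread; extend for your own code.
SENSITIVE_ARGS = {"CardNo", "SecurityCode", "ExpDate", "AuthNum", "PromoCode"}

# gdb prints char* arguments as: name=0xADDR "value"
ARG_RE = re.compile(r'\b(\w+)=(0x[0-9a-fA-F]+)\s+"((?:[^"\\]|\\.)*)"')
# Any remaining run of 12+ digits (space or dash separated) may be a card number.
DIGITS_RE = re.compile(r'(?<![\w.])\d(?:[ -]?\d){11,}(?![\w.])')


def scrub_backtrace(text):
    """Mask sensitive string arguments and long digit runs in gdb output.

    Returns (scrubbed_text, hits) so the caller can review what was masked.
    """
    hits = []

    def mask_arg(m):
        name, addr, value = m.groups()
        if name not in SENSITIVE_ARGS or not value:
            return m.group(0)          # keep empty strings and other args
        hits.append(name)
        return f'{name}={addr} "<redacted:{len(value)} chars>"'

    def mask_digits(m):
        count = sum(ch.isdigit() for ch in m.group(0))
        hits.append(f"digits:{count}")
        return f"<redacted:{count} digits>"

    text = ARG_RE.sub(mask_arg, text)          # pass 1: named arguments
    text = DIGITS_RE.sub(mask_digits, text)    # pass 2: anything card-like left
    return text, hits


# Constructed sample in gdb "where" format; addresses and values are made up.
SAMPLE = '''\
#0  0x00000000 in do_connect (ssl=0x1000, sock=8, timeout=15) at net.c:10
#1  0x00000000 in authorize (PosNum=0x2000 "100001", CardNo=0x2010 "000000000000000000000", ExpDate=0x2030 "", SecurityCode=0x2040 "123") at auth.c:20
#2  0x00000000 in log_line (msg=0x3000 "card 0000-0000-0000-0000 declined") at log.c:30
'''

if __name__ == "__main__":
    scrubbed, masked = scrub_backtrace(SAMPLE)
    print(scrubbed)
    print("masked:", masked)
```

The frame layout, addresses and source locations stay intact, so the scrubbed trace is still usable for diagnosing the crash.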



