Date: Wed, 26 Jun 2013 06:27:11 GMT From: John Wehle <john@feith.com> To: freebsd-gnats-submit@FreeBSD.org Subject: amd64/179996: lib32/libcrypto.so.6 causes apache SSL to crash due to wrong opensslconf.h Message-ID: <201306260627.r5Q6RB1p039195@oldred.freebsd.org> Resent-Message-ID: <201306260630.r5Q6U0Ag040030@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 179996
>Category: amd64
>Synopsis: lib32/libcrypto.so.6 causes apache SSL to crash due to wrong opensslconf.h
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-amd64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 26 06:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: John Wehle
>Release: FreeBSD 9.1-STABLE 252047M
>Organization:
>Environment:
FreeBSD carmen.FEITH.COM 9.1-STABLE FreeBSD 9.1-STABLE #1 r235103:252047M: Fri Jun 21 23:31:53 EDT 2013 root@wagner.FEITH.COM:/usr/obj/amd64.amd64/usr/src/sys/CUSTOM amd64
>Description:
32bit httpd-2.2.24 built with SSL crashes during startup when run on a
freebsd amd64 machine recently updated by building 9.1-STABLE amd64 on
a freebsd i386 machine.
Stack trace shows:
#0 0x282a3c50 in bn_div_words () from /usr/lib32/libcrypto.so.6
#1 0x2829cf7d in BN_div (dv=0x0, rm=0x289432e4, num=0x289432e4, divisor=0x289432f8, ctx=0x289370a0)
at /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bn/bn_div.c:345
The 32bit httpd-2.2.24 works fine on the i386 build machine. Rebuilding
the 32bit httpd-2.2.24 without SSL avoids the problem on the amd64 machine.
Rebuilding lib32/libcrypto by doing:
rm -rf /usr/obj/amd64.amd64/lib32 /usr/obj/amd64.amd64/usr/src/lib32
make TARGET=amd64 TARGET_ARCH=amd64 build32
shows some warning messages:
crypto/openssl/crypto/bn/bn_div.c: In function 'BN_div':
crypto/openssl/crypto/bn/bn_div.c:304: warning: integer constant is too large for 'long' type
crypto/openssl/crypto/bn/bn_div.c:304: warning: large integer implicitly truncated to unsigned type
crypto/openssl/crypto/bn/bn_div.c:361: warning: right shift count >= width of type
crypto/openssl/crypto/bn/bn_div.c:362: warning: right shift count >= width of type
...
>How-To-Repeat:
Build httpd-2.2.24 on a 9.1-STABLE i386 machine.
Install it on a 9.1-STABLE amd64 machine.
Configure SSL.
Attempt to start httpd.
Notice immediate crash.
httpd source code was configured using:
./configure --enable-modules="ssl proxy rewrite" --disable-ipv6
>Fix:
Rebuilding lib32/libcrypto by doing:
rm -rf /usr/obj/amd64.amd64/lib32 /usr/obj/amd64.amd64/usr/src/lib32
mkdir -p /usr/obj/amd64.amd64/usr/src/lib32/usr/include/openssl
cp /usr/src/secure/lib/libcrypto/opensslconf-i386.h \
/usr/obj/amd64.amd64/usr/src/lib32/usr/include/openssl/opensslconf.h
make TARGET=amd64 TARGET_ARCH=amd64 build32
fixes the warning messages and allows the 32bit httpd-2.2.24 built with
SSL to work fine on the amd64 machine.
It appears that the lib32/libcrypto build is picking up the amd64
opensslconf.h by default.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306260627.r5Q6RB1p039195>