amd64/179996: lib32/libcrypto.so.6 causes apache SSL to crash due to wrong opensslconf.h

John Wehle john at feith.com
Wed Jun 26 06:30:00 UTC 2013 

>Number:         179996
>Category:       amd64
>Synopsis:       lib32/libcrypto.so.6 causes apache SSL to crash due to wrong opensslconf.h
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-amd64
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 26 06:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     John Wehle
>Release:        FreeBSD 9.1-STABLE 252047M
>Organization:
>Environment:
FreeBSD carmen.FEITH.COM 9.1-STABLE FreeBSD 9.1-STABLE #1 r235103:252047M: Fri Jun 21 23:31:53 EDT 2013 root at wagner.FEITH.COM:/usr/obj/amd64.amd64/usr/src/sys/CUSTOM amd64
>Description:
32bit httpd-2.2.24 built with SSL crashes during startup when run on a
freebsd amd64 machine recently updated by building 9.1-STABLE amd64 on
a freebsd i386 machine.
    
Stack trace shows:

#0  0x282a3c50 in bn_div_words () from /usr/lib32/libcrypto.so.6
#1  0x2829cf7d in BN_div (dv=0x0, rm=0x289432e4, num=0x289432e4, divisor=0x289432f8, ctx=0x289370a0)
    at /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bn/bn_div.c:345

The 32bit httpd-2.2.24 works fine on the i386 build machine.  Rebuilding
the 32bit httpd-2.2.24 without SSL avoids the problem on the amd64 machine.

Rebuilding lib32/libcrypto by doing:

  rm -rf /usr/obj/amd64.amd64/lib32 /usr/obj/amd64.amd64/usr/src/lib32
  make TARGET=amd64 TARGET_ARCH=amd64 build32

shows some warning messages:

  crypto/openssl/crypto/bn/bn_div.c: In function 'BN_div':
  crypto/openssl/crypto/bn/bn_div.c:304: warning: integer constant is too large for 'long' type
  crypto/openssl/crypto/bn/bn_div.c:304: warning: large integer implicitly truncated to unsigned type
  crypto/openssl/crypto/bn/bn_div.c:361: warning: right shift count >= width of type
  crypto/openssl/crypto/bn/bn_div.c:362: warning: right shift count >= width of type
  ...

>How-To-Repeat:
Build httpd-2.2.24 on a 9.1-STABLE i386 machine.
Install it on a 9.1-STABLE amd64 machine.
Configure SSL.
Attempt to start httpd.
Notice immediate crash.

httpd source code was configured using:

./configure --enable-modules="ssl proxy rewrite" --disable-ipv6
>Fix:
Rebuilding lib32/libcrypto by doing:

  rm -rf /usr/obj/amd64.amd64/lib32 /usr/obj/amd64.amd64/usr/src/lib32
  mkdir -p /usr/obj/amd64.amd64/usr/src/lib32/usr/include/openssl
  cp /usr/src/secure/lib/libcrypto/opensslconf-i386.h \
    /usr/obj/amd64.amd64/usr/src/lib32/usr/include/openssl/opensslconf.h
  make TARGET=amd64 TARGET_ARCH=amd64 build32

fixes the warning messages and allows the 32bit httpd-2.2.24 built with
SSL to work fine on the amd64 machine.

It appears that the lib32/libcrypto build is picking up the amd64
opensslconf.h by default.



>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-amd64 mailing list