SSL error in nginx

Fasih faskiri.devel at gmail.com
Wed May 29 14:47:21 UTC 2013


Hi

I see this crash very very infrequently in nginx. Notice the len
parameter=3734714755

#12 0x00007f40b8b45975 in sha1_update (c=0x808bdfe3, data=<optimized out>,
len=3734714755) at e_aes_cbc_hmac_sha1.c:156

Walking through the openssl source code didnt help. There are two
possibilities:
1. Bug in nginx which corrupts some data that openssl crashes on
2. Bug in openssl

I will probably post this on the openssl forum also, but wanted to know if
someone could shed some light on this. Or give me some pointers on how to
debug this.

nginx-1.2.6

OpenSSL> version
OpenSSL 1.0.1 14 Mar 2012

Ubuntu 12.04 LTS

The complete stack trace:

#0  sha1_block_data_order_ssse3 () at sha1-x86_64.s:2242
#1  0xca62c1d6ca62c1d6 in ?? ()
#2  0xca62c1d6ca62c1d6 in ?? ()
#3  0xca62c1d6ca62c1d6 in ?? ()
#4  0xca62c1d6ca62c1d6 in ?? ()
#5  0xca62c1d6ca62c1d6 in ?? ()
#6  0xca62c1d6ca62c1d6 in ?? ()
#7  0xca62c1d6ca62c1d6 in ?? ()
#8  0xca62c1d6ca62c1d6 in ?? ()
#9  0x000000000fa92011 in ?? ()
#10 0x000000002e1e7174 in ?? ()
#11 0xffffffffffffffc0 in ?? ()
#12 0x00007f40b8b45975 in sha1_update (c=0x808bdfe3, data=<optimized out>,
len=3734714755) at e_aes_cbc_hmac_sha1.c:156
#13 0x00007f40b8b45d76 in aesni_cbc_hmac_sha1_cipher (ctx=<optimized out>,
    out=0xfa9200e
"[\200P\303\351\337^\034\336\364:\305\005TeM\356I\232\236\264n\361∲\232i\216$,%\026\334\071\375\301!yp\361\214%OFq\355\365\317\354W^\352)\347\376`m\366j'.\316!\027\003\002\002p[lZj\315\a\377Ov\033[/w\247]4\225+\250\356\357\343\311\036e\236à\002\270\001\364\366\362R\363\271[\032\247\220\324\024\017C{b\307N\334\334\022RиbȏF\300\225\266g\202\304\336\262\224\265\355\016\374\037(KǪ/\177\224\257\bՏ\244\233\314%\260\372\357c\236\001#\271\276\301\027.\377kU\255\016sl&z\340$0\260\253\264w\b\277\201:\265\230M\223]\004ڽ\024\177\261"...,
in=<optimized out>, len=<optimized out>)
    at e_aes_cbc_hmac_sha1.c:260
#14 0x00007f40b8e48bdf in tls1_enc (s=0x11bb9500, send=0) at t1_enc.c:828
#15 0x00007f40b8e406e0 in ssl3_get_record (s=0x11bb9500) at s3_pkt.c:405
#16 ssl3_read_bytes (s=0x11bb9500, type=22, buf=0xe864000 "\024", len=4,
peek=0) at s3_pkt.c:997
#17 0x00007f40b8e421f8 in ssl3_get_message (s=0x11bb9500, st1=<optimized
out>, stn=8641, mt=20, max=64, ok=0x7fff5b563d2c) at s3_both.c:449
#18 0x00007f40b8e41b47 in ssl3_get_finished (s=0x11bb9500, a=<optimized
out>, b=<optimized out>) at s3_both.c:238
#19 0x00007f40b8e367a2 in ssl3_accept (s=0x11bb9500) at s3_srvr.c:701
#20 0x000000000049448c in ngx_ssl_handshake (c=0xd3acdc0) at
src/event/ngx_event_openssl.c:607
#21 0x00000000004946a9 in ngx_ssl_handshake_handler (ev=<optimized out>) at
src/event/ngx_event_openssl.c:747
#22 0x000000000048aade in ngx_event_process_posted (cycle=<optimized out>,
posted=0x103b060) at src/event/ngx_event_posted.c:40
#23 0x000000000048a6a7 in ngx_process_events_and_timers (cycle=0x3e1a050)
at src/event/ngx_event.c:290
#24 0x0000000000490d42 in ngx_worker_process_cycle (cycle=0x3e1a050,
data=<optimized out>) at src/os/unix/ngx_process_cycle.c:895
#25 0x000000000048f437 in ngx_spawn_process (cycle=0x3e1a050, proc=0x490bad
<ngx_worker_process_cycle>, data=0x3, name=0xb49798 "worker process",
respawn=-4) at src/os/unix/ngx_process.c:198
#26 0x0000000000490173 in ngx_start_worker_processes (cycle=0x3e1a050, n=4,
type=-4) at src/os/unix/ngx_process_cycle.c:404
#27 0x0000000000491c6d in ngx_master_process_cycle (cycle=0x3e1a050) at
src/os/unix/ngx_process_cycle.c:290
#28 0x00000000004748df in main (argc=5, argv=0x7fff5b5643a8) at
src/core/nginx.c:436
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20130529/b29b8dbe/attachment.html>


More information about the nginx-devel mailing list