Bignum is not thread-safe

Sat, 09 Dec 2006 15:19:52 -0800 

Dear OpenSSL users,

When performing stress-testing of stunnel with session cache
disabled I receive core dumps on concurrent SSL_connect() calls.

Here is an example stack backtrace:

#0  0xa7e60d41 in BN_ucmp (a=0x80a28fc, b=0x80a1f08) at bn_lib.c:662
662             bn_check_top(b);
(gdb) bt
#0  0xa7e60d41 in BN_ucmp (a=0x80a28fc, b=0x80a1f08) at bn_lib.c:662
#1  0xa7e6c803 in BN_from_montgomery (ret=0x80a28fc, a=0x80a2924,
    mont=0x80a1ef0, ctx=0x80a2578) at bn_mont.c:281
#2  0xa7e6c3ca in BN_mod_mul_montgomery (r=0x80a28fc, a=0x80a28fc,
    b=0x80a28fc, mont=0x80a1ef0, ctx=0x80a2578) at bn_mont.c:145
#3  0xa7e5e555 in BN_mod_exp_mont (rr=0x80a28d4, a=0x80a28c0,
    p=0x80a1d80, m=0x80a22a8, ctx=0x80a2578, in_mont=0x80a1ef0)
    at bn_exp.c:464
#4  0xa7e81a8c in RSA_eay_public_encrypt (flen=48,
    from=0xa7fa0960 "\003", to=0x808083c "", rsa=0x80e88c0, padding=1)
    at rsa_eay.c:238
#5  0xa7e83e99 in RSA_public_encrypt (flen=48,
    from=0xa7fa0960 "\003", to=0x808083c "", rsa=0x80e88c0, padding=1)
    at rsa_lib.c:282
#6  0xa7f55fb1 in ssl3_send_client_key_exchange (s=0x80e7f10)
    at s3_clnt.c:1680
#7  0xa7f531a9 in ssl3_connect (s=0x80e7f10) at s3_clnt.c:327
#8  0xa7f6a6fd in SSL_connect (s=0x80e7f10) at ssl_lib.c:850
#9  0x0804c96b in init_ssl (c=0x2) at client.c:322
#10 0x0804c581 in do_client (c=0x806eb68) at client.c:208
#11 0x0804c52e in run_client (c=0x806eb68) at client.c:151
#12 0x0804c29b in client (arg=0x806eb68) at client.c:124
#13 0x4dd17ca3 in start_thread ()
   from /lib/tls/i686/cmov/libpthread.so.0
#14 0x4db98f5a in clone () from /lib/tls/i686/cmov/libc.so.6
(gdb) l bn_lib.c:662
657             {
658             int i;
659             BN_ULONG t1,t2,*ap,*bp;
660
661             bn_check_top(a);
662             bn_check_top(b);
663
664             i=a->top-b->top;
665             if (i != 0) return(i);
666             ap=a->d;

Serializing requests solves the problem, but is definitely not a solution for 
real life applications.  8-)

Calling SSL_connect() and SSL_accept() from a critical section helps a little.  
Instead of core dumps I get the following errors:

SSL_connect: 1408C095:
error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed

The library is OpenSSL 0.9.8d configured with:
./Configure threads shared zlib debug-linux-elf

Can you help me find a solution or a better workaround?

TIA,
    Mike

Attachment: pgpL5fWLvjpU6.pgp
Description: PGP signature

Reply via email to