Hi there, Dropping in to post some more updates on this. It might be helpful for anyone with a similar problem.
WXVAULT.DLL might be needed for the smooth functioning of few applications after all. So here's a way out. If you want to retain the dll for these applications but not allow it to crash your application, just remove the value "wxvault.dll" in the following registry entry: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs]. This entry causes wxvault.dll to load itself when any application loads into the same process space and cause access violation, crashing the application. Regards, Uma -----Original Message----- From: Uma G. Nayak Sent: Saturday, April 25, 2009 9:17 AM To: 'openssl-users@openssl.org' Subject: RE: Server crash while starting service Hi, Finally the server is starting on this machine. :) It was because of a wxvault.dll in Windows\System32 that the server was crashing, and nothing to do with OpenSSL bugs. Uff. WXVAULT.DLL is related to Embassy Security Suite that comes installed on Dell Lap tops. But some malwares disguise themselves as wxvault.dll, particularly if they are located in C:\Windows or C:\Windows\System32 folder. Some googling found that this dll is known to attach itself to application processes and load itself when the application dlls are loaded. This is known to cause memory access violations and application crashes. Hence this explains why a wxvault.dll was present in our HP system. Thanks guys for all your support and help :) Regards, Uma -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton Sent: Friday, April 10, 2009 10:47 AM To: openssl-users@openssl.org Subject: Re: Server crash while starting service As near as I can tell, you're passing a pointer to CRYPTO_set_ex_data, probably indirectly, that cannot actually be either read from or written to. (However, this is an old area of the code, and probably hasn't been looked at in a while. It's possible that bugs are lurking there.) That's what the c0000005 parameter is saying -- invalid access. It's the same as a SIGSEGV on *nix. Are you using RSA_set_ex_data, DSA_set_ex_data, or DH_set_ex_data? Very likely, either the CRYPTO_EX_new or CRYPTO_EX_dup parameters to those (the ones labelled new_func and dup_func) aren't doing their jobs correctly. If they are written correctly, it's likely that whatever they call isn't using the same memory allocation system as the library or the rest of the application. Getting a stacktrace would be very useful to figure out what's actually going on (and more importantly, how the flow got there). Under gdb, I'd normally say 'use the "bt" command', but since you're on Windows you're likely using WinDbg. If this is the case, see if you have the '!analyze' command available (it's an extension, so you might not). The best way to do this is with the command '!analyze -v'; you should also consider using the 'kb' command to figure out the state of the stack. For more information about using WinDbg, I would recommend the documentation to be found at http://msdn.microsoft.com/en-us/library/cc267480.aspx . -Kyle H On Thu, Apr 9, 2009 at 5:29 AM, Uma G. Nayak <uma_na...@mindtree.com> wrote: > Malware scan came out clean. > > Debugger tool showed the following error: > > ============================================================================ > First chance exceptions are reported before any exception handling. > This exception may be expected and handled. > eax=00bdf6b0 ebx=0098db9c ecx=0006fedc edx=00bdf6b0 esi=00896708 edi=0098f388 > eip=0fb02e14 esp=0006fe8c ebp=14064057 iopl=0 nv up ei pl nz na po nc > cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 > *** ERROR: Symbol file could not be found. Defaulted to export symbols for > D:\Program Files\AirMagnet Inc\AirMagnet Management Server\LIBEAY32.dll - > LIBEAY32!CRYPTO_set_ex_data_implementation+0x54: > 0fb02e14 8b00 mov eax,dword ptr [eax] > ds:0023:00bdf6b0=???????? > Missing image name, possible paged-out or corrupt data. > Missing image name, possible paged-out or corrupt data. > 0:000> g > (c88.92c): Access violation - code c0000005 (!!! second chance !!!) > eax=00bdf6b0 ebx=0098db9c ecx=0006fedc edx=00bdf6b0 esi=00896708 edi=0098f388 > eip=0fb02e14 esp=0006fe8c ebp=14064057 iopl=0 nv up ei pl nz na po nc > cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 > LIBEAY32!CRYPTO_set_ex_data_implementation+0x54: > 0fb02e14 8b00 mov eax,dword ptr [eax] > ds:0023:00bdf6b0=???????? > 0:000> g > (c88.92c): Access violation - code c0000005 (first chance) > First chance exceptions are reported before any exception handling. > This exception may be expected and handled. > eax=00bdf6b0 ebx=0098db9c ecx=0006fedc edx=00bdf6b0 esi=00896708 edi=0098f388 > eip=0fb02e14 esp=0006fe8c ebp=14064057 iopl=0 nv up ei pl nz na po nc > cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 > LIBEAY32!CRYPTO_set_ex_data_implementation+0x54: > ============================================================================ > > Not able to find out what caused it to crash here. Is it some sort of a > locking issue or memory access violation? > > > Regards, > Uma > > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton > Sent: Tuesday, March 31, 2009 2:59 PM > To: openssl-users@openssl.org > Subject: Re: Server crash while starting service > > This is where you use your Magical Administrator Powers and download > the http://www.microsoft.com/whdc/devtools/debugging/default.mspx > Debugging Tools for Windows. These will provide you a LOT more > information, including the nature of the fault. > > However, I would also suggest running a malware scan on that machine. > > -Kyle H > > On Tue, Mar 31, 2009 at 12:24 AM, Uma G. Nayak <uma_na...@mindtree.com> wrote: >> It's a Pentium D(x86 Family 15 Model 4 Stepping 7 GenuineIntel ~2791 MHz) >> system. We get the crash at libeay32.dll with following description >> >> "Faulting application apache.exe, version 1.0.0.1, faulting module >> libeay32.dll, version 0.9.8.10, fault address 0x0002d3e4" >> >> Other than this, I do not get any other errors/information from the crash. >> >> -Uma >> >> -----Original Message----- >> From: owner-openssl-us...@openssl.org >> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton >> Sent: Tuesday, March 31, 2009 12:46 PM >> To: openssl-users@openssl.org >> Subject: Re: Server crash while starting service >> >> You can remove the SSE2 codepath from OpenSSL-FIPS even for systems >> which support SSE2. >> >> What is the specific error you're getting with your second system, if any? >> >> -Kyle H >> >> On Mon, Mar 30, 2009 at 2:35 AM, Uma G. Nayak <uma_na...@mindtree.com> wrote: >>> Kyle, I am not sure what you are referring to when you say, 'application >>> binary', my application binary or the OpenSSL-fips binary. Anyways, here is >>> the info with what I have understood. >>> >>> 1. My application binary (i.e. my client server application XYZ) is the >>> same on both the systems. >>> 2. On both the systems, OpenSSL-fips libraries are the same. i.e. it is >>> built using no-asm option and put on both these systems. >>> >>> I can remove SSE2 codepath from OpenSSL-fips even for systems which support >>> SSE2 right? >>> >>> Regards, >>> Uma >>> >>> -----Original Message----- >>> From: owner-openssl-us...@openssl.org >>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton >>> Sent: Monday, March 30, 2009 1:09 PM >>> To: openssl-users@openssl.org >>> Subject: Re: Server crash while starting service >>> >>> Have you made sure that the version of the application binary that >>> you're using on the second system is the same as the one that you just >>> built to not require SSE2? >>> >>> -Kyle H >>> >>> On Mon, Mar 30, 2009 at 12:09 AM, Uma G. Nayak <uma_na...@mindtree.com> >>> wrote: >>>> Thanks a lot, to you guys out there. This solved the problem on one of the >>>> machines, which used to say, UNSUPPORTED PLATFORM. Now even my AMD >>>> processor is able to run my application in FIPS mode. >>>> >>>> Now I am off to have a look at the problem in the second system, which >>>> fails to start my application, even though all settings are same as those >>>> in the working systems. :) >>>> >>>> Regards, >>>> Uma >>>> >>>> -----Original Message----- >>>> From: owner-openssl-us...@openssl.org >>>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson >>>> Sent: Thursday, March 26, 2009 5:44 PM >>>> To: openssl-users@openssl.org >>>> Subject: Re: Server crash while starting service >>>> >>>> On Thu, Mar 26, 2009, Uma G. Nayak wrote: >>>> >>>>> That was very clear and great help Kyle!! Even though I had spent time on >>>>> Security Policy earlier, the build procedure was not clear, atleast for >>>>> me, >>>>> until now. >>>>> >>>>> If you wouldn't mind, could you answer one more question of mine? >>>>> >>>>> I want to use the libeay32.dll and ssleay32.dll from the above build in my >>>>> application. Now, is it sufficient if I use the Openssl-fips-1.2 dlls or >>>>> should I use it with Openssl-0.9.8j module? Because I had read about it in >>>>> one of the replies in this forum, that Openssl-fips-1.2 is to be used in >>>>> conjunction with Openssl-0.9.8j. >>>>> >>>> >>>> Yes you should always use the 1.2 module in conjunction with the latest >>>> version of OpenSSL. >>>> >>>> The version of OpenSSL which came with the 1.2 tarball is an old version of >>>> 0.9.8 and many security and bug fixes have been made since then. >>>> >>>>> If this is true, should I build Openssl-0.9.8j using Openssl-fips-1.2 >>>>> libraries? Again what is the build procedure for this? >>>>> >>>>> I used to follow the below steps for Openssl-0.9.8j: >>>>> >>>>> perl Configure VC-WIN32 no-asm fips --with-fipslibdir=<path of >>>>> Openssl-fips-1.2 dlls> ms\do_ms vcvars32.bat nmake -f ms\ntdll.mak >>>>> >>>> >>>> Yes that's fine but use the latest 0.9.8k release. >>>> >>>> >>>> -- >>>> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage >>>> OpenSSL project core developer and freelance consultant. >>>> Homepage: http://www.drh-consultancy.demon.co.uk >>>> ______________________________________________________________________ >>>> OpenSSL Project http://www.openssl.org >>>> User Support Mailing List openssl-us...@openssl.org >>>> Automated List Manager majord...@openssl.org >>>> >>>> http://www.mindtree.com/email/disclaimer.html >>>> ______________________________________________________________________ >>>> OpenSSL Project http://www.openssl.org >>>> User Support Mailing List openssl-us...@openssl.org >>>> Automated List Manager majord...@openssl.org >>>> >>> ______________________________________________________________________ >>> OpenSSL Project http://www.openssl.org >>> User Support Mailing List openssl-us...@openssl.org >>> Automated List Manager majord...@openssl.org >>> >>> http://www.mindtree.com/email/disclaimer.html >>> ______________________________________________________________________ >>> OpenSSL Project http://www.openssl.org >>> User Support Mailing List openssl-us...@openssl.org >>> Automated List Manager majord...@openssl.org >>> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-us...@openssl.org >> Automated List Manager majord...@openssl.org >> >> http://www.mindtree.com/email/disclaimer.html >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-us...@openssl.org >> Automated List Manager majord...@openssl.org >> > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > > http://www.mindtree.com/email/disclaimer.html > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
