Which distro? >>>>>>>>>>>>>> OS is Red Hat Enterprise Linux Server release 6.5 OpenSSL Version :1.0.1e All of the above are vendor specific patches (probably based on original OpenSSL commits). However I don't know from the name what dtls-ecc-ext is referring to. You would need to address your specific question to your vendor. >>>>>>> The patch openssl-1.0.1e-dtls-ecc-ext.patch with changes is decribed below: https://bugzilla.redhat.com/show_bug.cgi?id=1119800 Could it be that the changes in the above patch are causing issues in DTLS Handshake causing the process to crash always at the below location: #4 <signal handler called> #5 0x00007f61e97188e9 in sha1_block_data_order_ssse3 () from /usr/lib64/libcrypto.so.10 #6 0xad89a0d6776026f6 in ?? () #7 0xf9e71fd74025dad7 in ?? () #8 0x2243d5d8167d7997 in ?? () #9 0x8bbb75d9b4efd5d8 in ?? () #10 0xea9689da4d4ac2cb in ?? () #11 0x7067bc5f5034983b in ?? () #12 0xe19f5aa4a5679ed0 in ?? () #13 0x8ecbf7e83d1d8ccd in ?? () #14 0x00007f61e9a827ce in state () from /usr/lib64/libcrypto.so.10 #15 0x00000000bc803cd0 in ?? () #16 0x0000000000000011 in ?? () #17 0x00007f61e9715de7 in SHA1_Update () from /usr/lib64/libcrypto.so.10 #18 0x00007f61e97899fd in ssleay_rand_add () from /usr/lib64/libcrypto.so.10 #19 0x00007f61e9ed92f9 in dtls1_accept () from /usr/lib64/libssl.so.10 Is it possible that you can run the latest 1.0.1 version of standard OpenSSL (i.e. OpenSSL 1.0.1l)? There have been some significant DTLS related fixes that have been applied in recent versions. >>>>>>>>> it would not be possible as other modules are also using 1.0.1e version. Thanks, Sanchit Arora On Mon, Feb 9, 2015 at 6:07 PM, Matt Caswell <matt at openssl.org> wrote: > > > On 09/02/15 20:17, sanchit arora wrote: >> Bug report >> >> OS: Linux > > Which distro? > >> >> OpenSSL Version: 1.0.1e-30 > > That is not an OpenSSL version - that is an OS vendor specific version > based on OpenSSL 1.0.1e > >> While doing DTLS testing with openssl-1.0.1e-30 Version and patches >> for RT3327, RT3470 and RT3483 on top of that, we are facing an issue >> where our process is crashing during the duration run of 24 hours. >> >> Use Case: >> * There are 125 DTLS Server Connections and 125 DTLS Client Connections. >> * Connection Attempts towards Server connections are also being >> made every 1 second. >> * Client Connections are initiating connection attempts every 1 second . >> * SSL Handshake is made to fail so that connection attempts >> continues and there are no crashes observed. >> >> During the above duration run, process is always crashing at the below >> location always. >> >> #4 <signal handler called> >> #5 0x00007f61e97188e9 in sha1_block_data_order_ssse3 () from >> /usr/lib64/libcrypto.so.10 >> #6 0xad89a0d6776026f6 in ?? () >> #7 0xf9e71fd74025dad7 in ?? () >> #8 0x2243d5d8167d7997 in ?? () >> #9 0x8bbb75d9b4efd5d8 in ?? () >> #10 0xea9689da4d4ac2cb in ?? () >> #11 0x7067bc5f5034983b in ?? () >> #12 0xe19f5aa4a5679ed0 in ?? () >> #13 0x8ecbf7e83d1d8ccd in ?? () >> #14 0x00007f61e9a827ce in state () from /usr/lib64/libcrypto.so.10 >> #15 0x00000000bc803cd0 in ?? () >> #16 0x0000000000000011 in ?? () >> #17 0x00007f61e9715de7 in SHA1_Update () from /usr/lib64/libcrypto.so.10 >> #18 0x00007f61e97899fd in ssleay_rand_add () from /usr/lib64/libcrypto.so.10 >> #19 0x00007f61e9ed92f9 in dtls1_accept () from /usr/lib64/libssl.so.10 > > There is insufficient information in the above to diagnose the problem. > We would need a build with full debugging symbols. > > >> >> When we tested with openssl-1.0.1e-16 Version and patches for RT3327, >> RT3470 and RT3483 on top of that, the use case works fine. >> >> On investigation, we found that there are 11 patches added between >> openssl-1.0.1e-30 and openssl-1.0.1e-16 version out of which following >> 3 patches are related to DTLS. >> >> openssl-1.0.1e-dtls-ecc-ext. >> patch >> openssl-1.0.1e-cve-2014-3513. >> patch >> openssl-1.0.1e-fallback-scsv.patch >> >> We have narrowed down that when we use openssl-1.0.1e-30 Version with >> the openssl-1.0.1e-dtls-ecc-ext.patch and patches for RT3327, RT3470 >> and RT3483 on top of that, process crashes with the above abterm >> during the duration run of 24 hours. >> >> When we excluded the openssl-1.0.1e-dtls-ecc-ext.patch from >> openssl-1.0.1e-30 Version, we didn't see an abterm during the duration >> run of 24 hours. >> >> Therefore, it seems that the openssl-1.0.1e-dtls-ecc-ext.patch is >> causing the abterm in the duration run. >> >> Please let us know if there could be issues with the >> openssl-1.0.1e-dtls-ecc-ext.patch? > > All of the above are vendor specific patches (probably based on original > OpenSSL commits). However I don't know from the name what dtls-ecc-ext > is referring to. You would need to address your specific question to > your vendor. > > Is it possible that you can run the latest 1.0.1 version of standard > OpenSSL (i.e. OpenSSL 1.0.1l)? There have been some significant DTLS > related fixes that have been applied in recent versions. > > Matt > > > > > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
