From nobody@FreeBSD.org  Wed Jun 26 06:27:12 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	by hub.freebsd.org (Postfix) with ESMTP id 5ED58DDE
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 26 Jun 2013 06:27:12 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	by mx1.freebsd.org (Postfix) with ESMTP id 3753F10A6
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 26 Jun 2013 06:27:12 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r5Q6RBDA039196
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 26 Jun 2013 06:27:11 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r5Q6RB1p039195;
	Wed, 26 Jun 2013 06:27:11 GMT
	(envelope-from nobody)
Message-Id: <201306260627.r5Q6RB1p039195@oldred.freebsd.org>
Date: Wed, 26 Jun 2013 06:27:11 GMT
From: John Wehle <john@feith.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: lib32/libcrypto.so.6 causes apache SSL to crash due to wrong opensslconf.h
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         179996
>Category:       kern
>Synopsis:       [libcrypto] lib32/libcrypto.so.6 causes apache SSL to crash due to wrong opensslconf.h
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 26 06:30:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Fri Aug 09 01:39:53 UTC 2013
>Originator:     John Wehle
>Release:        FreeBSD 9.1-STABLE 252047M
>Organization:
>Environment:
FreeBSD carmen.FEITH.COM 9.1-STABLE FreeBSD 9.1-STABLE #1 r235103:252047M: Fri Jun 21 23:31:53 EDT 2013 root@wagner.FEITH.COM:/usr/obj/amd64.amd64/usr/src/sys/CUSTOM amd64
>Description:
32bit httpd-2.2.24 built with SSL crashes during startup when run on a
freebsd amd64 machine recently updated by building 9.1-STABLE amd64 on
a freebsd i386 machine.
    
Stack trace shows:

#0  0x282a3c50 in bn_div_words () from /usr/lib32/libcrypto.so.6
#1  0x2829cf7d in BN_div (dv=0x0, rm=0x289432e4, num=0x289432e4, divisor=0x289432f8, ctx=0x289370a0)
    at /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bn/bn_div.c:345

The 32bit httpd-2.2.24 works fine on the i386 build machine.  Rebuilding
the 32bit httpd-2.2.24 without SSL avoids the problem on the amd64 machine.

Rebuilding lib32/libcrypto by doing:

  rm -rf /usr/obj/amd64.amd64/lib32 /usr/obj/amd64.amd64/usr/src/lib32
  make TARGET=amd64 TARGET_ARCH=amd64 build32

shows some warning messages:

  crypto/openssl/crypto/bn/bn_div.c: In function 'BN_div':
  crypto/openssl/crypto/bn/bn_div.c:304: warning: integer constant is too large for 'long' type
  crypto/openssl/crypto/bn/bn_div.c:304: warning: large integer implicitly truncated to unsigned type
  crypto/openssl/crypto/bn/bn_div.c:361: warning: right shift count >= width of type
  crypto/openssl/crypto/bn/bn_div.c:362: warning: right shift count >= width of type
  ...

>How-To-Repeat:
Build httpd-2.2.24 on a 9.1-STABLE i386 machine.
Install it on a 9.1-STABLE amd64 machine.
Configure SSL.
Attempt to start httpd.
Notice immediate crash.

httpd source code was configured using:

./configure --enable-modules="ssl proxy rewrite" --disable-ipv6
>Fix:
Rebuilding lib32/libcrypto by doing:

  rm -rf /usr/obj/amd64.amd64/lib32 /usr/obj/amd64.amd64/usr/src/lib32
  mkdir -p /usr/obj/amd64.amd64/usr/src/lib32/usr/include/openssl
  cp /usr/src/secure/lib/libcrypto/opensslconf-i386.h \
    /usr/obj/amd64.amd64/usr/src/lib32/usr/include/openssl/opensslconf.h
  make TARGET=amd64 TARGET_ARCH=amd64 build32

fixes the warning messages and allows the 32bit httpd-2.2.24 built with
SSL to work fine on the amd64 machine.

It appears that the lib32/libcrypto build is picking up the amd64
opensslconf.h by default.



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-amd64->freebsd-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Aug 9 01:39:16 UTC 2013 
Responsible-Changed-Why:  
make this a generic issue. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=179996 
>Unformatted:
