Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22917

wolfssl might crash at startup when both SSL and encryption plugin are enabled

Details

    Description

      stacktraces, provided by Marko, show that
      both the main thread and one of the innodb threads are doing something encryption (main thread for the SSL, innodb for encryption) at the same time.

      The suspected problem is that SSL_library_init() in WolfSSL, and suspicion is that there were 2 WolfSSL_Init() running in parallel close to the crash.

      I have seen it also in the past on a Windows build, for which I do not have stacktraces anymore.

      The proposed solution is to do SSL initialization when encryption plugin is loaded.

      Attachments

        Activity

          thread 1

          #3  <signal handler called>
          No symbol table info available.
          #4  0xf7a8215c in ?? () from /lib/i386-linux-gnu/libc.so.6
          No symbol table info available.
          #5  0x5776d235 in wolfSSL_EVP_CipherInit () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c:4863
          No locals.
          #6  0x5776dd5b in wolfSSL_EVP_CipherInit_ex () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c:331
          No locals.
          #7  0x572cfa6b in MyCTX::init (ivlen=0, iv=0x0, klen=16, key=0xee4f47fc "w\n\212e\332\025m$\356*\t2wS\001B4\362\004X4\362\004X \311)Z0\311)Z", encrypt=1, cipher=<optimized out>, this=0xee4f44b0) at /mariadb/10.5-merge/mysys_ssl/my_crypt.cc:67
                  __PRETTY_FUNCTION__ = <optimized out>
          #8  MyCTX_nopad::init (this=<optimized out>, cipher=<optimized out>, encrypt=<optimized out>, key=<optimized out>, klen=<optimized out>, iv=<optimized out>, ivlen=<optimized out>) at /mariadb/10.5-merge/mysys_ssl/my_crypt.cc:120
                  __PRETTY_FUNCTION__ = "virtual int MyCTX_nopad::init(const EVP_CIPHER*, int, const uchar*, uint, const uchar*, uint)"
                  res = <optimized out>
          #9  0x572cf442 in my_aes_crypt (mode=mode@entry=MY_AES_ECB, flags=flags@entry=3, src=src@entry=0xec700620 "K\365\025\365a\275\235\034\356\335\373\202\331\032\242", <incomplete sequence \302>, slen=slen@entry=16, dst=dst@entry=0xee4f47ec "4\362\004X4\362\004X\240w\227X\377\377\377\377w\n\212e\332\025m$\356*\t2wS\001B4\362\004X4\362\004X \311)Z0\311)Z", dlen=dlen@entry=0xee4f47e4, key=key@entry=0xee4f47fc "w\n\212e\332\025m$\356*\t2wS\001B4\362\004X4\362\004X \311)Z0\311)Z", klen=16, iv=iv@entry=0x0, ivlen=ivlen@entry=0) at /mariadb/10.5-merge/mysys_ssl/my_crypt.cc:313
                  ctx = 0xee4f44b0
                  res1 = <optimized out>
                  res2 = <optimized out>
                  d1 = 0
                  d2 = 0
          

          thread2 (main)

          Thread 4 (Thread 0xf791f740 (LWP 1809279)):
          #0  fast_mp_montgomery_reduce () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:2514
          No locals.
          #1  0x577f09af in mp_exptmod_fast () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:2149
          No locals.
          #2  0x577f1426 in mp_exptmod () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:927
          No locals.
          #3  0x577f22f0 in mp_prime_miller_rabin () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:4656
          No locals.
          #4  0x577f27e1 in mp_prime_is_prime_ex () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:4867
          No locals.
          #5  0x577ccea3 in _DhSetKey () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c:2181
          No locals.
          #6  0x57762e35 in wolfSSL_CTX_SetTmpDH () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/src/ssl.c:1840
          No locals.
          #7  0x57789990 in wolfSSL_CTX_set_tmp_dh () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/src/ssl.c:40209
          No locals.
          #8  0x572103ae in new_VioSSLFd (key_file=<optimized out>, cert_file=<optimized out>, ca_file=<optimized out>, ca_path=0x0, cipher=0x0, is_client_method=0 '\000', error=0xfff1580c, crl_file=0x0, crl_path=0x0, tls_version=14) at /mariadb/10.5-merge/vio/viosslfactories.c:341
                  dh = 0x5a284dc0
                  ssl_fd = 0x5a2cfb68
                  ssl_ctx_options = <optimized out>
                  _db_stack_frame_ = {func = 0x57ae0ed4 "?func", file = 0x57ae0eda "?file", level = 2147483649, line = -1, prev = 0x0}
                  __PRETTY_FUNCTION__ = "new_VioSSLFd"
          #9  0x5721099e in new_VioSSLAcceptorFd (key_file=0x59f64fc8 "/mariadb/10.5-merge/mysql-test/std_data/server-key.pem", cert_file=0x59f64f79 "/mariadb/10.5-merge/mysql-test/std_data/server-cert.pem", ca_file=0x59f64f2f "/mariadb/10.5-merge/mysql-test/std_data/cacert.pem", ca_path=0x0, cipher=0x0, error=error@entry=0xfff1580c, crl_file=0x0, crl_path=0x0, tls_version=14) at /mariadb/10.5-merge/vio/viosslfactories.c:414
                  ssl_fd = <optimized out>
          #10 0x56c3661c in init_ssl () at /mariadb/10.5-merge/sql/mysqld.cc:4407
                  error = SSL_INITERR_NOERROR
          

          wlad Vladislav Vaintroub added a comment - thread 1 #3 <signal handler called> No symbol table info available. #4 0xf7a8215c in ?? () from /lib/i386-linux-gnu/libc.so.6 No symbol table info available. #5 0x5776d235 in wolfSSL_EVP_CipherInit () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c:4863 No locals. #6 0x5776dd5b in wolfSSL_EVP_CipherInit_ex () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c:331 No locals. #7 0x572cfa6b in MyCTX::init (ivlen=0, iv=0x0, klen=16, key=0xee4f47fc "w\n\212e\332\025m$\356*\t2wS\001B4\362\004X4\362\004X \311)Z0\311)Z", encrypt=1, cipher=<optimized out>, this=0xee4f44b0) at /mariadb/10.5-merge/mysys_ssl/my_crypt.cc:67 __PRETTY_FUNCTION__ = <optimized out> #8 MyCTX_nopad::init (this=<optimized out>, cipher=<optimized out>, encrypt=<optimized out>, key=<optimized out>, klen=<optimized out>, iv=<optimized out>, ivlen=<optimized out>) at /mariadb/10.5-merge/mysys_ssl/my_crypt.cc:120 __PRETTY_FUNCTION__ = "virtual int MyCTX_nopad::init(const EVP_CIPHER*, int, const uchar*, uint, const uchar*, uint)" res = <optimized out> #9 0x572cf442 in my_aes_crypt (mode=mode@entry=MY_AES_ECB, flags=flags@entry=3, src=src@entry=0xec700620 "K\365\025\365a\275\235\034\356\335\373\202\331\032\242", <incomplete sequence \302>, slen=slen@entry=16, dst=dst@entry=0xee4f47ec "4\362\004X4\362\004X\240w\227X\377\377\377\377w\n\212e\332\025m$\356*\t2wS\001B4\362\004X4\362\004X \311)Z0\311)Z", dlen=dlen@entry=0xee4f47e4, key=key@entry=0xee4f47fc "w\n\212e\332\025m$\356*\t2wS\001B4\362\004X4\362\004X \311)Z0\311)Z", klen=16, iv=iv@entry=0x0, ivlen=ivlen@entry=0) at /mariadb/10.5-merge/mysys_ssl/my_crypt.cc:313 ctx = 0xee4f44b0 res1 = <optimized out> res2 = <optimized out> d1 = 0 d2 = 0 thread2 (main) Thread 4 (Thread 0xf791f740 (LWP 1809279)): #0 fast_mp_montgomery_reduce () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:2514 No locals. #1 0x577f09af in mp_exptmod_fast () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:2149 No locals. #2 0x577f1426 in mp_exptmod () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:927 No locals. #3 0x577f22f0 in mp_prime_miller_rabin () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:4656 No locals. #4 0x577f27e1 in mp_prime_is_prime_ex () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:4867 No locals. #5 0x577ccea3 in _DhSetKey () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c:2181 No locals. #6 0x57762e35 in wolfSSL_CTX_SetTmpDH () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/src/ssl.c:1840 No locals. #7 0x57789990 in wolfSSL_CTX_set_tmp_dh () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/src/ssl.c:40209 No locals. #8 0x572103ae in new_VioSSLFd (key_file=<optimized out>, cert_file=<optimized out>, ca_file=<optimized out>, ca_path=0x0, cipher=0x0, is_client_method=0 '\000', error=0xfff1580c, crl_file=0x0, crl_path=0x0, tls_version=14) at /mariadb/10.5-merge/vio/viosslfactories.c:341 dh = 0x5a284dc0 ssl_fd = 0x5a2cfb68 ssl_ctx_options = <optimized out> _db_stack_frame_ = {func = 0x57ae0ed4 "?func", file = 0x57ae0eda "?file", level = 2147483649, line = -1, prev = 0x0} __PRETTY_FUNCTION__ = "new_VioSSLFd" #9 0x5721099e in new_VioSSLAcceptorFd (key_file=0x59f64fc8 "/mariadb/10.5-merge/mysql-test/std_data/server-key.pem", cert_file=0x59f64f79 "/mariadb/10.5-merge/mysql-test/std_data/server-cert.pem", ca_file=0x59f64f2f "/mariadb/10.5-merge/mysql-test/std_data/cacert.pem", ca_path=0x0, cipher=0x0, error=error@entry=0xfff1580c, crl_file=0x0, crl_path=0x0, tls_version=14) at /mariadb/10.5-merge/vio/viosslfactories.c:414 ssl_fd = <optimized out> #10 0x56c3661c in init_ssl () at /mariadb/10.5-merge/sql/mysqld.cc:4407 error = SSL_INITERR_NOERROR

          People

            wlad Vladislav Vaintroub
            wlad Vladislav Vaintroub
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.