[MDEV-22917] wolfssl might crash at startup when both SSL and encryption plugin are enabled Created: 2020-06-16  Updated: 2020-07-28  Resolved: 2020-07-28

Status: Closed
Project: MariaDB Server
Component/s: Encryption, Server, SSL
Affects Version/s: 10.4, 10.5
Fix Version/s: 10.4.13

Type: Bug Priority: Major
Reporter: Vladislav Vaintroub Assignee: Vladislav Vaintroub
Resolution: Fixed Votes: 0
Labels: None

Attachments: Text File stacks.txt    

 Description   

stacktraces, provided by Marko, show that
both the main thread and one of the innodb threads are doing something encryption (main thread for the SSL, innodb for encryption) at the same time.

The suspected problem is that SSL_library_init() in WolfSSL, and suspicion is that there were 2 WolfSSL_Init() running in parallel close to the crash.

I have seen it also in the past on a Windows build, for which I do not have stacktraces anymore.

The proposed solution is to do SSL initialization when encryption plugin is loaded.

 Comments   
Comment by Vladislav Vaintroub [ 2020-06-16 ]

thread 1

#3  <signal handler called>
 
No symbol table info available.
 
#4  0xf7a8215c in ?? () from /lib/i386-linux-gnu/libc.so.6
 
No symbol table info available.
 
#5  0x5776d235 in wolfSSL_EVP_CipherInit () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c:4863
 
No locals.
 
#6  0x5776dd5b in wolfSSL_EVP_CipherInit_ex () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c:331
 
No locals.
 
#7  0x572cfa6b in MyCTX::init (ivlen=0, iv=0x0, klen=16, key=0xee4f47fc "w\n\212e\332\025m$\356*\t2wS\001B4\362\004X4\362\004X \311)Z0\311)Z", encrypt=1, cipher=<optimized out>, this=0xee4f44b0) at /mariadb/10.5-merge/mysys_ssl/my_crypt.cc:67
 
        __PRETTY_FUNCTION__ = <optimized out>
 
#8  MyCTX_nopad::init (this=<optimized out>, cipher=<optimized out>, encrypt=<optimized out>, key=<optimized out>, klen=<optimized out>, iv=<optimized out>, ivlen=<optimized out>) at /mariadb/10.5-merge/mysys_ssl/my_crypt.cc:120
 
        __PRETTY_FUNCTION__ = "virtual int MyCTX_nopad::init(const EVP_CIPHER*, int, const uchar*, uint, const uchar*, uint)"
 
        res = <optimized out>
 
#9  0x572cf442 in my_aes_crypt (mode=mode@entry=MY_AES_ECB, flags=flags@entry=3, src=src@entry=0xec700620 "K\365\025\365a\275\235\034\356\335\373\202\331\032\242", <incomplete sequence \302>, slen=slen@entry=16, dst=dst@entry=0xee4f47ec "4\362\004X4\362\004X\240w\227X\377\377\377\377w\n\212e\332\025m$\356*\t2wS\001B4\362\004X4\362\004X \311)Z0\311)Z", dlen=dlen@entry=0xee4f47e4, key=key@entry=0xee4f47fc "w\n\212e\332\025m$\356*\t2wS\001B4\362\004X4\362\004X \311)Z0\311)Z", klen=16, iv=iv@entry=0x0, ivlen=ivlen@entry=0) at /mariadb/10.5-merge/mysys_ssl/my_crypt.cc:313
 
        ctx = 0xee4f44b0
 
        res1 = <optimized out>
 
        res2 = <optimized out>
 
        d1 = 0
 
        d2 = 0

thread2 (main)

Thread 4 (Thread 0xf791f740 (LWP 1809279)):
 
#0  fast_mp_montgomery_reduce () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:2514
 
No locals.
 
#1  0x577f09af in mp_exptmod_fast () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:2149
 
No locals.
 
#2  0x577f1426 in mp_exptmod () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:927
 
No locals.
 
#3  0x577f22f0 in mp_prime_miller_rabin () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:4656
 
No locals.
 
#4  0x577f27e1 in mp_prime_is_prime_ex () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c:4867
 
No locals.
 
#5  0x577ccea3 in _DhSetKey () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c:2181
 
No locals.
 
#6  0x57762e35 in wolfSSL_CTX_SetTmpDH () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/src/ssl.c:1840
 
No locals.
 
#7  0x57789990 in wolfSSL_CTX_set_tmp_dh () at /mariadb/10.5-merge/extra/wolfssl/wolfssl/src/ssl.c:40209
 
No locals.
 
#8  0x572103ae in new_VioSSLFd (key_file=<optimized out>, cert_file=<optimized out>, ca_file=<optimized out>, ca_path=0x0, cipher=0x0, is_client_method=0 '\000', error=0xfff1580c, crl_file=0x0, crl_path=0x0, tls_version=14) at /mariadb/10.5-merge/vio/viosslfactories.c:341
 
        dh = 0x5a284dc0
 
        ssl_fd = 0x5a2cfb68
 
        ssl_ctx_options = <optimized out>
 
        _db_stack_frame_ = {func = 0x57ae0ed4 "?func", file = 0x57ae0eda "?file", level = 2147483649, line = -1, prev = 0x0}
 
        __PRETTY_FUNCTION__ = "new_VioSSLFd"
 
#9  0x5721099e in new_VioSSLAcceptorFd (key_file=0x59f64fc8 "/mariadb/10.5-merge/mysql-test/std_data/server-key.pem", cert_file=0x59f64f79 "/mariadb/10.5-merge/mysql-test/std_data/server-cert.pem", ca_file=0x59f64f2f "/mariadb/10.5-merge/mysql-test/std_data/cacert.pem", ca_path=0x0, cipher=0x0, error=error@entry=0xfff1580c, crl_file=0x0, crl_path=0x0, tls_version=14) at /mariadb/10.5-merge/vio/viosslfactories.c:414
 
        ssl_fd = <optimized out>
 
#10 0x56c3661c in init_ssl () at /mariadb/10.5-merge/sql/mysqld.cc:4407
 
        error = SSL_INITERR_NOERROR

Generated at Thu Feb 08 09:18:27 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.