[MDEV-26771] crash with OpenSSL 3.0.0
Created: 2021-10-06  Updated: 2022-01-20  Resolved: 2022-01-20

Status: Closed
Project: MariaDB Server
Component/s: Compiling, SSL
Affects Version/s: 10.6.4
Fix Version/s: 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2

Type: Bug
Priority: Major
Reporter: Tomohiro KATO
Assignee: Sergei Golubchik
Resolution: Fixed
Votes: 1
Labels: None

Attachments: mariadb-crash.log (Text File)
Issue Links: is part of MDEV-25785 Add support for OpenSSL 3.0 (Closed)

Description

I succeeded in building MariaDB 10.6.4 with OpenSSL 3.0.0 but failed to launch it.

In include/ssl_compat.h:27:

#define EVP_MD_CTX_SIZE 48

In OpenSSL 3.0.0 the size of EVP_MD_CTX has been increased to 72. When I increased the value and built it, it started successfully.



Comments
Comment by Christopher Alexander Chavez [ 2022-01-14 ]

Why is check_openssl_compatibility() not detecting this situation so that MariaDB aborts rather than crashes? Is the code which crashes (due to OpenSSL compatibility being assumed) executed before check_openssl_compatibility()?

Comment by Sergei Golubchik [ 2022-01-15 ]

check_openssl_compatibility() doesn't always work; it's a best-effort check.

One of the reasons why it might not work is this sentence from the CRYPTO_set_mem_functions man page:

If no allocations have been done, it is possible to "swap out" the default implementations for OPENSSL_malloc(), OPENSSL_realloc() and OPENSSL_free() and replace them with alternate versions.

As soon as OpenSSL does its very first memory allocation, CRYPTO_set_mem_functions() becomes a no-op. And maybe OpenSSL 3.0 allocates something internally very early.
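
Added example (not part of the ticket, and not MariaDB or OpenSSL code): a self-contained C model of the failure mode discussed above, using the 48 and 72 byte sizes from the report. The lib_* functions are a hypothetical stand-in for a library whose allocator can only be swapped before its first allocation, and the check assumes the context size is measured through that allocator hook; it returns a distinct "unknown" result when the hook is refused instead of reporting success.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for a crypto library; every lib_* name is hypothetical. */
typedef void *(*alloc_fn)(size_t);
static alloc_fn lib_alloc;
static int lib_has_allocated;
static size_t lib_ctx_size;               /* real size of the opaque context */

static void lib_reset(size_t ctx_size) {  /* demo helper: models a fresh process */
    lib_alloc = malloc; lib_has_allocated = 0; lib_ctx_size = ctx_size;
}
/* Same rule as the quoted man page: swap allowed only before first allocation. */
static int lib_set_alloc(alloc_fn fn) {
    if (lib_has_allocated) return 0;      /* request refused, hook not installed */
    lib_alloc = fn;
    return 1;
}
static void *lib_malloc(size_t n) { lib_has_allocated = 1; return lib_alloc(n); }
static void *lib_ctx_new(void) { return lib_malloc(lib_ctx_size); }
static void lib_early_init(void) { free(lib_malloc(16)); } /* internal early alloc */

/* Application side: a context size fixed at compile time, as in the report. */
#define APP_CTX_SIZE 48
static size_t seen_size;
static void *recording_malloc(size_t n) { seen_size = n; return malloc(n); }

enum compat { COMPAT_OK, COMPAT_MISMATCH, COMPAT_UNKNOWN };

/* Measure the context size through the allocator hook; report UNKNOWN
   instead of OK when the hook could not be installed. */
static enum compat check_compat(void) {
    seen_size = 0;
    if (!lib_set_alloc(recording_malloc)) return COMPAT_UNKNOWN;
    free(lib_ctx_new());
    return seen_size > APP_CTX_SIZE ? COMPAT_MISMATCH : COMPAT_OK;
}

int main(void) {
    lib_reset(48);                   printf("old lib: %d\n", check_compat());
    lib_reset(72);                   printf("new lib: %d\n", check_compat());
    lib_reset(72); lib_early_init(); printf("new lib, early alloc: %d\n", check_compat());
    return 0;
}
```

A caller that treats the "unknown" result as a reason to refuse startup fails closed instead of running with an undersized buffer.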
