[MDEV-28339] Crashes with OpenSSL 3.0.2 Created: 2022-04-18  Updated: 2022-05-16  Resolved: 2022-05-16

Status: Closed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.5.15, 10.6.7, 10.7.3
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Andy Assignee: Unassigned
Resolution: Incomplete Votes: 0
Labels: openssl
Environment:

SunOS hosting 5.11 omnios-r151042-7577932f27 i86pc i386 i86pc
(although I think this will be a general problem, not OS-specific)
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Issue Links:
Relates
relates to MDEV-25785 Add support for OpenSSL 3.0 Closed

 Description   

Since upgrading my OS to a version which ships mariadb built against openssl 3.0.2, I am seeing server crashes in both my_md5() and my_aes()

status: process terminated by SIGSEGV (Segmentation Fault), pid=25463 uid=70
 
> $C
 
fffffaffee718aa0 libcrypto.so.3`evp_cipher_init_internal+0x3d()
 
fffffaffee718ac0 libcrypto.so.3`EVP_CipherInit_ex+0xf()
 
fffffaffee718ad0 MyCTX::init+0x1d()
 
fffffaffee718dd0 my_aes_crypt+0x64()
 
fffffaffee718ed0 Item_aes_crypt::val_str+0x110()


status: process terminated by SIGSEGV (Segmentation Fault), pid=14380 uid=70
 
> $C
 
fffffaffed89efe0 libcrypto.so.3`EVP_MD_free+5()
 
fffffaffed89f000 libcrypto.so.3`EVP_MD_CTX_reset+0x2c()
 
fffffaffed89f080 my_md5+0x46()
 
fffffaffed89f0d0 Item_func_md5::val_str_ascii+0x53()
 
fffffaffed89f110 Item_func::val_str_from_val_str_ascii+0x85()

Changing the code to use the new openssl APIs with EVP_CIPHER/MD_CTX_new/free() resolves the problem for me, but that doesn't fix the plugin API.

 Comments   
Comment by Sergei Golubchik [ 2022-04-18 ]

MariaDB 10.5.15, 10.6.7, 10.7.3 cannot be built with OpenSSL 3.0. There's a compile-time check that prevents that: https://github.com/MariaDB/server/commit/c9beef43154

I suspect your OS mariadb maintainers have removed this safety check and ended up with a broken binary.

At the moment MariaDB supports OpenSSL 3.0 only starting from MariaDB 10.8. We do plan to backport this change, but it has not happened yet.

Comment by Andy [ 2022-04-18 ]

It would appear so, I'll go and look into that.
Thanks!

Generated at Thu Feb 08 09:59:56 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.