openssl: OPENSSL_cleanse crash

version: openssl 1.1.1 problem: mutil thread concurrently sending https reqquest with ssl , OPENSSL_cleanse crash stack info:

#0  0x0000000000ab0be5 in OPENSSL_cleanse ()
#1  0x0000000000a44c2b in CRYPTO_secure_clear_free ()
#2  0x0000000000a5ed51 in rand_pool_free ()
#3  0x0000000000a5dd47 in rand_drbg_restart ()
#4  0x0000000000a5dfb6 in RAND_DRBG_generate ()
#5  0x0000000000a5e27b in RAND_DRBG_bytes ()
#6  0x00000000009b7cf6 in SSL_CTX_new ()
#7  0x0000000000999263 in ossl_connect_step1 ()
#8  0x000000000099a813 in ossl_connect_common ()
#9  0x000000000096aca6 in Curl_ssl_connect_nonblocking ()
#10 0x0000000000970182 in https_connecting ()
#11 0x0000000000971a63 in Curl_http_connect ()
#12 0x0000000000977111 in Curl_protocol_connect ()
#13 0x000000000095b136 in multi_runsingle ()
#14 0x000000000095c2c3 in curl_multi_perform ()
#15 0x0000000000956d57 in curl_easy_perform ()
#16 0x00000000005680ec in jsonrpc::HttpsClient::SendRPCMessage (this=0x7e9c600102f0, message=..., result=...) at p2p/spv/jsonrpc/https_client.cpp:101
#17 0x0000000000953a33 in jsonrpc::Client::CallMethod(std::string const&, Json::Value const&, Json::Value&) ()
#18 0x0000000000953b3e in jsonrpc::Client::CallMethod(std::string const&, Json::Value const&) ()
#19 0x000000000054da2e in jsonrpc::RouterClient::core_InvokeBlockchain (this=0x7e9c60010560, param01=...) at ./p2p/spv/jsonrpc/router_client.hpp:30
#20 0x0000000000548c6f in network::SpvNode::insertTransaction (this=0x7fcc3163c010, version=1, meta=..., inputs=..., outputs=..., locktime=0, format=...) at p2p/spv/spvnode.cpp:643
#21 0x000000000054b5a7 in jsonrpc::AppJsonServer::insertTransactionI (this=0x7fcc3168c7d8, request=..., response=...) at ./p2p/spv/jsonrpc/app_server.hpp:32
#22 0x0000000000555883 in jsonrpc::AbstractServer<jsonrpc::AppJsonServer>::HandleMethodCall (this=0x7fcc3168c7d8, proc=..., input=..., output=...)
    at thirdparty/jsonrpc/include/jsonrpccpp/server/abstractserver.h:57

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (14 by maintainers)

Most upvoted comments

# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 11 Sep 2018"

This version has known reentrancy bugs. Those were fixed long ago, but you need to update to 1.1.1a at least.

+1
bernd-edlinger on Dec 17, 2019
Read more comments on GitHub
← openssl: `OPENSSL_1_1_1' not found (required by openssl)
openssl: OPENSSL_init_ssl fails in RUN_ONCE and ossl_init_config →