[sam.sharma@gat.com - Wed Mar 29 00:43:29 2006]:

> Hi
> I compiled openssl 0.9.8a in two different directories one without debug
> option and another with -g debug mode. My openssl configure command is:
> ./Configure --openssldir=$(PKG_64BIT_INSTALL_DIR) -fPIC linux-ia64
> (no-debug)
> ./Configure --openssldir=$(PKG_64BIT_INSTALL_DIR) -fPIC linux-ia64:gcc -g
> (debug)
> Openssl test command:
> openssl x509 -inform DER -in key/buffer.der
> These are the comments:
> 1. The openssl command compiled in debug mode (-g) does not crash.
> 2. The openssl command compiled in non-debug mode (without -g) is giving
> segment violation.
> 3. The crash happens only on ia64 system. All other UNIX system it works
> fine.
> 4. The openssl 0.9.7d command compiled in non-debug mode works fine.
> 5. The openssl crashes with any public certificates. I used 2-3 different
> certificates for tests and one certificate is attached with this

e-mail. The
> sam.c program I used to write the buffer.der file.
> I hope you may be able to get to the bottom of this problem. Because

it does
> not crash in debug mode, it's difficult for me to debug the problem. Feel
> free to let me know incase I need to test anything more. I hope we

would be
> able to get the fix in next openssl release.

Well I don't have access to an IA64 system so this may be a bit tricky...

First possibility is a compiler bug. Have you tried updating gcc? Can
you test this on other 64 bit platforms too to see if there is a problem?

You say OpenSSL 0.9.7d is OK. What about 0.9.7e? Basically can you track
down the first version where this actually happens?

If there is stack corruption or some unknown memory access then can you
try linking in a debugging malloc library into a debug build of OpenSSL
with something like heap and fence post checking?

Have you tried it without -fPIC?


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org