Hi

I think -fPIC is required; the code may not compile without -fPIC. I will try
with the other 0.9.7e/f/g versions and let you know. Also, on other 64-bit systems,
i.e. HP-UX, Solaris, Linux x86_64 and SGI, openssl works just fine.

The difference in the x_name.c file between 7d and 8a is not much, as shown below. I
see that there are variable type changes and some defines.

[srbkit@charm:ssl]$ diff 64/openssl-0.9.7d/crypto/asn1/x_name.c 64.8a/openssl-0.9.8a/crypto/asn1/x_name.c
64c64
< static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long
len, const ASN1_ITEM *it,
---
> static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,

long len, const ASN1_ITEM *it,
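Review bot: this hunk only adds a const qualifier (`unsigned char **in` becomes `const unsigned char **in`) to the prototype of x509_name_ex_d2i, and the identical edit recurs at 159c159 for the definition, so prototype and definition agree; a qualifier-only change of this kind cannot by itself explain a crash that appears only in the non-debug build, so it can be set aside while looking for the cause.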
126c126
< ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE);
---
> ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
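Review bot: the only change here is the error function code passed to ASN1err (ASN1_F_X509_NAME_NEW to ASN1_F_X509_NAME_EX_NEW), which alters what shows up on the error stack, not control flow; the same kind of rename appears at 199c200 (ASN1_F_D2I_X509_NAME to ASN1_F_X509_NAME_EX_D2I) and 248c251 (to ASN1_F_X509_NAME_ENCODE), so those three hunks need no further attention for the crash.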

159c159
< static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long
len, const ASN1_ITEM *it,
---
> static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,

long len, const ASN1_ITEM *it,
162,163c162,163
< unsigned char *p = *in, *q;
< STACK *intname = NULL;
---
> const unsigned char *p = *in, *q;
> STACK *intname = NULL, **intname_pp = &intname;
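Review bot: the new `**intname_pp = &intname` exists only so that the `(ASN1_VALUE **)` cast in the ASN1_item_ex_d2i call at 171,172c171,173 goes through an intermediate `STACK **` variable instead of casting `&intname` directly; that is the usual way to quiet a strict-aliasing warning without changing what the callee dereferences, and it is the one change in this diff that affects how an optimising compiler may reason about the pointer rather than just its type or a name. Since the report says the crash shows only in the build without -g, this is the first hunk worth checking, e.g. by rebuilding the non-debug 0.9.8a with -fno-strict-aliasing and seeing whether the x509 command still faults. The `nm_pp` at 165c165 (used at 177c178) and the second `intname_pp` at 221c222 (used at 239c240,241 and 242c244,245) follow the same pattern.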

165c165
< X509_NAME *nm = NULL;
---
> X509_NAME *nm = NULL, **nm_pp = &nm;

171,172c171,173
< ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len,
ASN1_ITEM_rptr(X509_NAME_INTERNAL),
< tag, aclass,
opt, ctx);
---
> ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp,
> &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
> tag, aclass, opt, ctx);

177c178
< if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err;
---
> if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err;

199c200
< ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR);
---
> ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);

221c222
< STACK *intname = NULL;
---
> STACK *intname = NULL, **intname_pp = &intname;

239c240,241
< len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL,
ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
---
> len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL,
> ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);

242c244,245
< ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p,
ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
---
> ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp,
> &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);

248c251
< ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE);
---
> ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);

-----Original Message-----
From: postmaster@Merkur.SBone.TU-Cottbus.De
[mailto:postmaster@Merkur.SBone.TU-Cottbus.De] On Behalf Of Stephen Henson via RT
Sent: Tuesday, March 28, 2006 4:08 PM
To: sam.sharma@gat.com
Cc: openssl-dev@openssl.org
Subject: [openssl.org #1296] openssl 0.9.8a/0.9.7g crashes on IA64

[sam.sharma@gat.com - Wed Mar 29 00:43:29 2006]:

> Hi
>
> I compiled openssl 0.9.8a in two different directories, one without the debug
> option and another with the -g debug option. My openssl configure command is:
>
> ./Configure --openssldir=$(PKG_64BIT_INSTALL_DIR) -fPIC linux-ia64
> (no-debug)
>
> ./Configure --openssldir=$(PKG_64BIT_INSTALL_DIR) -fPIC linux-ia64:gcc -g
> (debug)
>
> Openssl test command:
>
> openssl x509 -inform DER -in key/buffer.der
>
> These are the comments:
>
> 1. The openssl command compiled in debug mode (-g) does not crash.
>
> 2. The openssl command compiled in non-debug mode (without -g) is giving a
> segmentation violation.
>
> 3. The crash happens only on the ia64 system. On all other UNIX systems it works
> fine.
>
> 4. The openssl 0.9.7d command compiled in non-debug mode works fine.
>
> 5. openssl crashes with any public certificate. I used 2-3 different
> certificates for the tests and one certificate is attached with this e-mail. The
> sam.c program is what I used to write the buffer.der file.
>
> I hope you may be able to get to the bottom of this problem. Because it does
> not crash in debug mode, it's difficult for me to debug the problem. Feel
> free to let me know in case I need to test anything more. I hope we would be
> able to get the fix in the next openssl release.
>


Well I don't have access to an IA64 system so this may be a bit tricky...

First possibility is a compiler bug. Have you tried updating gcc? Can
you test this on other 64-bit platforms too to see if there is a problem?

You say OpenSSL 0.9.7d is OK. What about 0.9.7e? Basically can you track
down the first version where this actually happens?

If there is stack corruption or some unknown memory access then can you
try linking in a debugging malloc library into a debug build of OpenSSL
with something like heap and fence post checking?

Have you tried it without -fPIC?

Steve.

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org