26 Sep
2019
26 Sep
'19
6:22 p.m.
### Description
After the upgrade of our system to Debian Buster, kamailio started crashing due to TLS
module. The issue look similar to the one described in
https://github.com/kamailio/kamailio/issues/1860
In Debian Stretch everything was working fine because we compiled kamailio using
openssl-1.0 as suggested in the linked issue. Unfortunately Debian Buster doesn't
support that old version of the package so we compiled it with openssl-1.1 and we put in
place the workaround suggested here
https://github.com/kamailio/kamailio/commit/efdc141ecb5ff72e3224e47deaaa79f… but
this didn't solved the issue.
#### Debugging Data
At the moment I don have full access to the system so I can provide only the following
backtrace:
(gdb) bt full
#0 aesni_ecb_encrypt () at crypto/aes/aesni-x86_64.s:624
No locals.
0000001 0x00007fe7b2159917 in aesni_ecb_cipher (len=16, in=0x7fe7ae3052d0
"\271a\321\064vGKiB\337\344\070\353\220\005\245\020O", <incomplete sequence
\323>,
out=0x7fe7ae58d068 "", ctx=0x7fe7ae3053b8) at ../crypto/evp/e_aes.c:319
bl = <optimized out>
bl = <optimized out>
#2 aesni_ecb_cipher (ctx=0x7fe7ae3053b8, out=0x7fe7ae58d068 "",
in=0x7fe7ae3052d0 "\271a\321\064vGKiB\337\344\070\353\220\005\245\020O",
<incomplete sequence \323>,
len=16) at ../crypto/evp/e_aes.c:311
bl = <optimized out>
0000003 0x00007fe7b2165533 in evp_EncryptDecryptUpdate (ctx=0x7fe7ae3053b8,
out=0x7fe7ae58d068 "", outl=0x7fff207dc534,
in=0x7fe7ae3052d0 "\271a\321\064vGKiB\337\344\070\353\220\005\245\020O",
<incomplete sequence \323>, inl=16) at ../crypto/evp/evp_enc.c:333
i = <optimized out>
j = <optimized out>
bl = 16
cmpl = <optimized out>
#4 0x00007fe7b219830f in drbg_ctr_generate (drbg=0x7fe7ae3051e8, out=0x7fe7ae58d068
"", outlen=32, adin=0x0, adinlen=0) at ../crypto/rand/drbg_ctr.c:340
outl = 16
ctr = 0x7fe7ae305290
#5 0x00007fe7b21991fb in RAND_DRBG_generate (drbg=drbg@entry=0x7fe7ae3051e8,
out=out@entry=0x7fe7ae58d068 "", outlen=outlen@entry=32,
prediction_resistance=prediction_resistance@entry=0, adin=0x0,
adinlen=adinlen@entry=0) at ../crypto/rand/drbg_lib.c:638
reseed_required = <optimized out>
#6 0x00007fe7b2199481 in RAND_DRBG_bytes (drbg=0x7fe7ae3051e8, out=0x7fe7ae58d068
"", outlen=32) at ../crypto/rand/drbg_lib.c:679
additional = 0x0
additional_len = 0
chunk = 32
ret = <optimized out>
0000007 0x00007fe7b22f96fd in ssl_fill_hello_random (s=s@entry=0x7fe7ae588de0,
server=server@entry=0, result=0x7fe7ae58d068 "", len=len@entry=32,
dgrd=dgrd@entry=DOWNGRADE_NONE) at ../ssl/s3_lib.c:4589
send_time = <optimized out>
ret = <optimized out>
#8 0x00007fe7b231b06e in tls_construct_client_hello (s=0x7fe7ae588de0, pkt=0x7fff207dc700)
at ../ssl/statem/statem_clnt.c:1153
p = <optimized out>
sess_id_len = <optimized out>
i = <optimized out>
protverr = 0
comp = <optimized out>
sess = 0x0
session_id = <optimized out>
0000009 0x00007fe7b231a33f in write_state_machine (s=0x7fe7ae588de0) at
../ssl/statem/statem.c:843
post_work = 0x7fe7b231f5a0 <ossl_statem_client_post_work>
mt = 1
pkt = {buf = 0x7fe7ae59fc90, staticbuf = 0x0, curr = 4, written = 4, maxsize =
18446744073709551615, subs = 0x7fe7ae58be30}
ret = <optimized out>
pre_work = 0x7fe7b231d180 <ossl_statem_client_pre_work>
--Type <RET> for more, q to quit, c to continue without paging--
get_construct_message_f = 0x7fe7b231d250
<ossl_statem_client_construct_message>
confunc = 0x7fe7b231ad20 <tls_construct_client_hello>
st = 0x7fe7ae588e28
transition = 0x7fe7b231cde0 <ossl_statem_client_write_transition>
cb = 0x7fe7b2375fb0
st = <optimized out>
ret = <optimized out>
transition = <optimized out>
pre_work = <optimized out>
post_work = <optimized out>
get_construct_message_f = <optimized out>
cb = <optimized out>
confunc = <optimized out>
mt = <optimized out>
pkt = <optimized out>
#10 state_machine (s=0x7fe7ae588de0, server=0) at ../ssl/statem/statem.c:443
buf = 0x0
cb = 0x7fe7b2375fb0
st = <optimized out>
ret = <optimized out>
ssret = <optimized out>
0000011 0x00007fe7b2306264 in SSL_do_handshake (s=0x7fe7ae588de0) at
../ssl/ssl_lib.c:3599
ret = 1
#12 0x00007fe7b23a40b4 in tls_connect () from
/usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so
No symbol table info available.
0000013 0x00007fe7b23a568d in tls_encode_f () from
/usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so
No symbol table info available.
#14 0x000055f60cceaf7e in tcp_send ()
No symbol table info available.
0000015 0x00007fe7b4e65920 in send_pr_buffer () from
/usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#16 0x00007fe7b4e826e8 in t_send_branch () from
/usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
0000017 0x00007fe7b4e85adf in t_forward_nonack () from
/usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#18 0x00007fe7b4e69452 in t_relay_to () from
/usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#19 0x00007fe7b4e340ea in ?? () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#20 0x000055f60cc50f29 in do_action ()
No symbol table info available.
0000021 0x000055f60cc4fa1a in run_actions ()
No symbol table info available.
#22 0x000055f60cc517e2 in do_action ()
--Type <RET> for more, q to quit, c to continue without paging--
No symbol table info available.
0000023 0x000055f60cc4fa1a in run_actions ()
No symbol table info available.
#24 0x000055f60cc5154f in do_action ()
No symbol table info available.
0000025 0x000055f60cc4fa1a in run_actions ()
No symbol table info available.
#26 0x000055f60cc5d46f in run_top_route ()
No symbol table info available.
0000027 0x000055f60cd594cf in receive_msg ()
No symbol table info available.
#28 0x000055f60cc7ab45 in udp_rcv_loop ()
No symbol table info available.
0000029 0x000055f60cc0febb in main_loop ()
No symbol table info available.
#30 0x000055f60cc07415 in main ()
No symbol table info available.
(gdb)
### Additional Information
Kamailio version 5.2.3
Debian Buster 10.1
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2077