GNU TLS Hang after error

Alexander Brukhanov brukhanov.a.e at amakan.ru
Mon Aug 22 12:33:53 CEST 2011 

I'm using gnutls 2.12.8 with poll and pthreads on FreeBSD and Linux
systems. Some times (when I have a long time between requests) I have
gnutls hanged. Here is my backtrace:

(gdb) info threads
  4 Thread 0xb6fc4b70 (LWP 11499)  0xb751d29c in *__GI___poll
(fds=0xb759fff4, nfds=1, timeout=-1)
    at ../sysdeps/unix/sysv/linux/poll.c:87
  3 Thread 0xb5ec4b70 (LWP 11952)  __lll_lock_wait ()
at ../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S:144
  2 Thread 0xb3affb70 (LWP 11973)  __lll_lock_wait ()
at ../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S:144
* 1 Thread 0xb6fc5aa0 (LWP 11498)  0xb74f5e4c in nanosleep ()
at ../sysdeps/unix/syscall-template.S:82
(gdb) thread 3
[Switching to thread 3 (Thread 0xb5ec4b70 (LWP 11952))]#0
__lll_lock_wait ()
    at ../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S:144
144	../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S: Нет такого
файла или каталога.
	in ../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S
(gdb) bt
#0  __lll_lock_wait ()
at ../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S:144
#1  0xb75abe5d in _L_lock_748 () from /lib/libpthread.so.0
#2  0xb75abc81 in __pthread_mutex_lock (mutex=0x88897f8) at
pthread_mutex_lock.c:61
#3  0x080da773 in gnutls_system_mutex_lock (priv=0x81b0ca0) at
system.c:197
#4  0x08125554 in wrap_nettle_rnd (_ctx=0x0, level=0, data=0x88ab0de,
datasize=32) at rnd.c:449
#5  0x080d9c68 in gnutls_rnd (level=GNUTLS_RND_NONCE, data=0x88ab0de,
len=143169528) at random.c:78
#6  0x080b4f77 in _gnutls_generate_session_id (session_id=0x88ab0de "",
len=0x88ab0fe " ") at gnutls_handshake.c:3157
#7  0x080b60be in _gnutls_read_client_hello (session=0x88ab058, 
    data=0x888b748 "\003\001NR\004\f\256\214\200\376=\200\274\fF\320\341
\275\341 Z\024H\250ɠA\257\360\336\027˰\177 \340\317\327\024\034\236\070
\245;\v|\177R\a\360\023\233\034\332\373\374\254\003\246W\001\036\360uXp
\204", datalen=186)
    at gnutls_handshake.c:500
#8  _gnutls_recv_hello (session=0x88ab058, 
    data=0x888b748 "\003\001NR\004\f\256\214\200\376=\200\274\fF\320\341
\275\341 Z\024H\250ɠA\257\360\336\027˰\177 \340\317\327\024\034\236\070
\245;\v|\177R\a\360\023\233\034\332\373\374\254\003\246W\001\036\360uXp
\204", datalen=186)
    at gnutls_handshake.c:2355
#9  0x080b7138 in _gnutls_recv_handshake (session=0x88ab058, data=0x0,
datalen=0x0, 
    type=GNUTLS_HANDSHAKE_CLIENT_HELLO, optional=MANDATORY_PACKET) at
gnutls_handshake.c:1526
#10 0x080b8fa0 in _gnutls_handshake_server (session=0x88ab058) at
gnutls_handshake.c:2987
#11 0x080ba0c7 in gnutls_handshake (session=0x88ab058) at
gnutls_handshake.c:2677
#12 0x0805eeee in MHD_tls_connection_handle_read (connection=0x888b868)
at connection_https.c:62
#13 0x0805e099 in MHD_handle_connection (data=0x888b868) at daemon.c:657
#14 0xb75a97b0 in start_thread (arg=0xb5ec4b70) at pthread_create.c:300
#15 0xb752a8fe in clone ()
at ../sysdeps/unix/sysv/linux/i386/clone.S:130
(gdb) thread 2
[Switching to thread 2 (Thread 0xb3affb70 (LWP 11973))]#0
__lll_lock_wait ()
    at ../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S:144
144	in ../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S
(gdb) bt
#0  __lll_lock_wait ()
at ../nptl/sysdeps/unix/sysv/linux/i386/i486/lowlevellock.S:144
#1  0xb75abe5d in _L_lock_748 () from /lib/libpthread.so.0
#2  0xb75abc81 in __pthread_mutex_lock (mutex=0x88897f8) at
pthread_mutex_lock.c:61
#3  0x080da773 in gnutls_system_mutex_lock (priv=0x81b0ca0) at
system.c:197
#4  0x08125554 in wrap_nettle_rnd (_ctx=0x0, level=0, data=0xb3aff027,
datasize=28) at rnd.c:449
#5  0x080d9c68 in gnutls_rnd (level=GNUTLS_RND_NONCE, data=0xb3aff027,
len=143169528) at random.c:78
#6  0x080b5b6e in _gnutls_tls_create_random (dst=0xb3aff023 "NR\006\037
\bh\360\257\263@\026\r\b<܈\bHɈ\b\272")
    at gnutls_handshake.c:330
#7  0x080b5c71 in _gnutls_read_client_hello (session=0x88ab928, 
    data=0x888c948 "\003\001NR\006\037M-\341V\227!\273\002\334y\256
\232aTM\277\016LAc\020Dʰ\233\343/\020 \340\317\327\024\034\236\070\245;
\v|\177R\a\360\023\233\034\332\373\374\254\003\246W\001\036\360uXp\204",
datalen=186)
    at gnutls_handshake.c:443
#8  _gnutls_recv_hello (session=0x88ab928, 
    data=0x888c948 "\003\001NR\006\037M-\341V\227!\273\002\334y\256
\232aTM\277\016LAc\020Dʰ\233\343/\020 \340\317\327\024\034\236\070\245;
\v|\177R\a\360\023\233\034\332\373\374\254\003\246W\001\036\360uXp\204",
datalen=186)
    at gnutls_handshake.c:2355
#9  0x080b7138 in _gnutls_recv_handshake (session=0x88ab928, data=0x0,
datalen=0x0, 
    type=GNUTLS_HANDSHAKE_CLIENT_HELLO, optional=MANDATORY_PACKET) at
gnutls_handshake.c:1526
#10 0x080b8fa0 in _gnutls_handshake_server (session=0x88ab928) at
gnutls_handshake.c:2987
#11 0x080ba0c7 in gnutls_handshake (session=0x88ab928) at
gnutls_handshake.c:2677
#12 0x0805eeee in MHD_tls_connection_handle_read (connection=0x88aaf90)
at connection_https.c:62
#13 0x0805e099 in MHD_handle_connection (data=0x88aaf90) at daemon.c:657
#14 0xb75a97b0 in start_thread (arg=0xb3affb70) at pthread_create.c:300
#15 0xb752a8fe in clone ()
at ../sysdeps/unix/sysv/linux/i386/clone.S:130

As I understand it happens because wrap_nettle_rnd exits with error. You
do not do RND_UNLOCK in case of error. But I have tried to unlock it. It
cause libmicrohttpd to drop all incoming connections.

static int
wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize)
{
  int ret;

  RND_LOCK;

  ret = do_trivia_source (0);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  ret = do_device_source (0);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  yarrow256_random (&yctx, datasize, data);
  RND_UNLOCK;
  return 0;
}

Please, I need a advice what to do ?

More information about the Gnutls-help mailing list