SSL3_CTX_CTRL:called a function you should not call

Server NGINX
1

nginx 1.6.2 + libressl 2.1.3

tail -f […]/port-443/*.log

==> stderr.log <==
2015/02/01 01:35:34 [alert] 15134#0: worker process 15139 exited on
signal
11
2015/02/01 01:35:34 [alert] 15134#0: shared memory zone “SSL” was locked
by
15139
2015/02/01 01:35:42 [alert] 15134#0: worker process 15138 exited on
signal
11
2015/02/01 01:35:42 [alert] 15134#0: shared memory zone “SSL” was locked
by
15138
2015/02/01 01:35:49 [alert] 15134#0: worker process 15140 exited on
signal
11
2015/02/01 01:35:49 [alert] 15134#0: shared memory zone “SSL” was locked
by
15140
2015/02/01 01:36:20 [alert] 15134#0: worker process 15584 exited on
signal
11
2015/02/01 01:36:20 [alert] 15134#0: shared memory zone “SSL” was locked
by
15584
2015/02/01 01:36:27 [alert] 15134#0: worker process 15586 exited on
signal
11
2015/02/01 01:36:27 [alert] 15134#0: shared memory zone “SSL” was locked
by
15586
2015/02/01 01:36:34 [alert] 15134#0: worker process 15585 exited on
signal
11
2015/02/01 01:36:34 [alert] 15134#0: shared memory zone “SSL” was locked
by
15585

tail -f […]/vhost_123/port-443/*.log

==> stderr.log <==
2015/02/01 01:36:13 [alert] 15584#0: *54 ignoring stale global SSL error
(SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you
should
not call) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:443
2015/02/01 01:36:20 [alert] 15586#0: *55 ignoring stale global SSL error
(SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you
should
not call) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:443
2015/02/01 01:36:27 [alert] 15585#0: *56 ignoring stale global SSL error
(SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you
should
not call) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:443

Posted at Nginx Forum:

2

“no OpenSSL types or functions are exposed.”
http://www.openbsd.org/papers/eurobsdcon2014-libressl.html

Posted at Nginx Forum:

3

Hello!

On Sun, Feb 01, 2015 at 10:56:37AM -0500, 173279834462 wrote:

nginx 1.6.2 + libressl 2.1.3

If you want to use nginx with LibreSSL, consider using nginx 1.7.x
(1.7.4 at least).

Also make sure to actually compile nginx with LibreSSL, not just
loading LibreSSL library instead of OpenSSL. There is no binary
compatibility between the two, and segmentation faults are
expected if you’ll just switch one for another.


Maxim D.
http://nginx.org/

4

I am coming precisely from nginx 1.7.9 + libressl 2.1.3, configured as
you
mentioned.

As 1.7.9 kept crashing, we downgraded to “stable” 1.6.4.

Chapter closed then. We are back to 1.7.9…

P.S. Did anybody note that the login to the forum does not use https?

Posted at Nginx Forum:

5

Maxim D. Wrote:

If you see problems with nginx 1.7.9, consider following hints
at Debugging | NGINX.
I think it will not help (at least if not did by anyone who really knows
both openssl and nginx internals).
the problem is quickly traceable to

long
ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
{
CERT *cert;

    cert = ctx->cert;

    switch (cmd) {
    case SSL_CTRL_SET_TMP_RSA_CB:
            SSLerr(SSL_F_SSL3_CTX_CTRL,

ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
(yes, this occurence, exactly)

inside libressl-2.1.3/ssl/s3_lib.c, and this function seems newer called
by
nginx code directly and not supposed to be externally-called at all.
The pure openssl have some pointer-magic in this place, dropped by
libressl
developers (with the data structure itself, so no easy way to bring it
back)

I think the only thing developers may do (if not willing to really
investigate and fix this issue) - just stop declaring nginx
compatibility
with libressl. It not only nonworking, but worse - it cleanly execute
some
garbage instead of code.
(I have full system log of stack-protection mechanics trying to prevent
this)

and yes, 1.7.10 still does the same. The problem itself does not appear
on
any connection, just in some special cases, but easely reproduceable.

Posted at Nginx Forum:

6

Hello!

On Tue, Feb 03, 2015 at 11:34:05AM -0500, 173279834462 wrote:

I am coming precisely from nginx 1.7.9 + libressl 2.1.3, configured as you
mentioned.

As 1.7.9 kept crashing, we downgraded to “stable” 1.6.4.

Chapter closed then. We are back to 1.7.9…

If you see problems with nginx 1.7.9, consider following hints
at Debugging | NGINX.

P.S. Did anybody note that the login to the forum does not use https?

Consider using mailing list instead, see
nginx: support.


Maxim D.
http://nginx.org/

7

and yes, upgrade to libressl 2.1.5 didn’t solve this.

Posted at Nginx Forum:

8

Hello!

On Tue, Mar 17, 2015 at 06:25:51AM -0400, rbqdg9 wrote:

{
inside libressl-2.1.3/ssl/s3_lib.c, and this function seems newer called by
nginx code directly and not supposed to be externally-called at all.
The pure openssl have some pointer-magic in this place, dropped by libressl
developers (with the data structure itself, so no easy way to bring it
back)

I see no magic in the OpenSSL here. It looks like the alert is
due to LibreSSL dropped the support for export ciphers, while
nginx calls SSL_CTX_set_tmp_rsa_callback() to be able to support
them if configured to do so. So, the alert is harmless and can be
safely ignored. It’s just a result of LibreSSL dropping support
for parts of the OpenSSL API nginx uses.

I think the only thing developers may do (if not willing to really
investigate and fix this issue) - just stop declaring nginx compatibility
with libressl. It not only nonworking, but worse - it cleanly execute some
garbage instead of code.

The only thing we declaring is that nginx can be built with
LibreSSL. And it is going to work as long as LibreSSL does the
right thing and don’t deverge from the OpenSSL API too much. We
consider both LibreSSL and BoringSSL to be interesting
experimental libraries, and plan to preserve at least minimal
support as long as it doesn’t require too much effort.

(I have full system log of stack-protection mechanics trying to prevent
this)

and yes, 1.7.10 still does the same. The problem itself does not appear on
any connection, just in some special cases, but easely reproduceable.

So again:


Maxim D.
http://nginx.org/

9

Hello!

On Tue, Mar 17, 2015 at 10:11:48AM -0400, rbqdg9 wrote:

So, the alert is harmless and can be safely ignored.
The real problem - it doesnt, it always accompanied by something like:
nginx[32624] trap invalid opcode ip:47e04d sp:7fff6971ae50 error:0 in
nginx[400000+a0000]
(exactly one “invalid opcode” for each “function you should not call” in
nginx log) and session reset.

What you say sounds wrong - the SSL_CTX_set_tmp_rsa_callback() is
only called while reading the configuration, and it shouldn’t
happen at all at runtime. Either way, as already suggested:

Just discussing your problems won’t help. Make sure to at least
provide enough information for others to reproduce them.


Maxim D.
http://nginx.org/

10

I am on nginx 1.7.10 with LibreSSL 2.1.5.

This is what I see in the error log:

2015/02/03 20:23:30 [alert] 69020#0: *16 ignoring stale global SSL error
(SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you
should
not call) while SSL handshaking, client: […IP…], server: 0.0.0.0:443

I feel that the above is related to the following, because the two
have
occurred together:

SNI: ssl_error_bad_cert_domain on https://

Posted at Nginx Forum:

11

Yes, it’s at least strange.
The reproducing configuration is rather complex task, this newer happens
in
usual browsing session (and not just in parsing config, of course). I’m
still trying to limit it to something I can publish.

Posted at Nginx Forum:

12

So, the alert is harmless and can be safely ignored.
The real problem - it doesnt, it always accompanied by something like:
nginx[32624] trap invalid opcode ip:47e04d sp:7fff6971ae50 error:0 in
nginx[400000+a0000]
(exactly one “invalid opcode” for each “function you should not call” in
nginx log) and session reset.
Or, in different setup - just silent crash.
I can’t belive it “harmless”. (And I didn’t think it is just nginx
problem,
more likely libressl “cleanup” was somewhat unclean)

I’ve commented out SSL_CTX_set_tmp_rsa_callback call in http_ssl_module,
and
it seems right fix for my problem (at least it stops producing invalid
opcode errors)
(I should to try it first, but, wrongly, decided what having !EXPORT in
Ciphers prevents nginx from calling legacy code anyway)

Posted at Nginx Forum:

13

may you just try my “fix”? At least, it will save me time for searching
in
completely wrong place.

— nginx-1.7.10/src/http/modules/ngx_http_ssl_module.c.orig 2015-02-10
15:33:34.000000000 +0100
+++ nginx-1.7.10/src/http/modules/ngx_http_ssl_module.c 2015-03-17
14:55:58.282130993 +0100
@@ -716,7 +716,7 @@
}

 /* a temporary 512-bit RSA key is required for export versions of

MSIE
*/

  • SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx,
    ngx_ssl_rsa512_key_callback);

  • // SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx,
    ngx_ssl_rsa512_key_callback);

    if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
    return NGX_CONF_ERROR;

Posted at Nginx Forum:

14

Will try it.

Posted at Nginx Forum:

15

“fix” applied.

This is what I see when running ssllabs again:

2015/03/17 18:08:33 [crit] 14508#0: *478 SSL_do_handshake() failed (SSL:
error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early) while
SSL
handshaking, client: 64.41.200.104, server: 0.0.0.0:443
2015/03/17 18:08:34 [crit] 14506#0: *479 SSL_do_handshake() failed (SSL:
error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early) while
SSL
handshaking, client: 64.41.200.104, server: 0.0.0.0:443

The “called a function you should not call” did not show up so far.

Will run with the “fix” for a few days. Let see what happens.

Thank you for your time.

Posted at Nginx Forum:

16

The feeling that the problem is related to SNI is getting stronger.

This is the error log when running ssllabs.com on the server:

==> stderr.log <==
2015/03/17 17:12:45 [crit] 40733#0: *925 SSL_do_handshake() failed (SSL:
error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early) while
SSL
handshaking, client: 64.41.200.104, server: 0.0.0.0:443
2015/03/17 17:12:46 [crit] 40733#0: *926 SSL_do_handshake() failed (SSL:
error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early) while
SSL
handshaking, client: 64.41.200.104, server: 0.0.0.0:443

It corresponds to the handshake simulation, and in particular to the
failed
handshakes
with all non-SNI browsers, emphasis on “all”. The SNI clients that fail
are
java7u25 and openssl 0.9.8y.
All other clients succeed.

Posted at Nginx Forum:

17

Update:

The original error “SSL3_CTX_CTRL:called a function you should not cal”
is
no longer on the logs.

The last occurrence dates back to early february:

2015/02/03 20:23:30 [alert] 69020#0: *16 ignoring stale global SSL error
(SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you
should
not call) while SSL handshaking, client: [my-IP], server: 0.0.0.0:443

From my seat that error is gone.

However, I do see the following on the error log when running ssllabs’
server test:

2015/03/19 20:45:24 [crit] 24179#0: *226 SSL_do_handshake() failed (SSL:
error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early) while
SSL
handshaking, client: 64.41.200.101, server: 0.0.0.0:443
2015/03/19 20:45:25 [crit] 24179#0: *227 SSL_do_handshake() failed (SSL:
error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early) while
SSL
handshaking, client: 64.41.200.101, server: 0.0.0.0:443

The timing occurs right before POODLE tests:

BEAST attack Not mitigated server-side (more info) TLS 1.0: 0xc014

I am on nginx 1.7.10 with libressl 2.1.6.

Posted at Nginx Forum: