nrpe(30187): unaligned trap at 000002000011ab94: 00000001200401ec 2d 31
I've played a bit with nrpe and have come to the conclusion that it's openssl itself that issues the unaligned access (SSL_accept).
It's openssl's alpha-specific 'OPENSSL_cleanse' function (openssl-1.0.0d/crypto/alphacpuid.pl)

Dump of assembler code for function OPENSSL_cleanse:
   0x0000020000120d3c <+0>:   beq a1,0x20000120da4 <OPENSSL_cleanse+104>
   0x0000020000120d40 <+4>:   and a0,0x7,v0
   0x0000020000120d44 <+8>:   andnot a1,0x7,at
   0x0000020000120d48 <+12>:  beq at,0x20000120d50 <OPENSSL_cleanse+20>
   0x0000020000120d4c <+16>:  beq v0,0x20000120d84 <OPENSSL_cleanse+72>
   0x0000020000120d50 <+20>:  ldq_u t0,0(a0)
   0x0000020000120d54 <+24>:  mov a0,t1
   0x0000020000120d58 <+28>:  mskbl t0,a0,t0
   0x0000020000120d5c <+32>:  lda a0,1(a0)
   0x0000020000120d60 <+36>:  subq a1,0x1,a1
   0x0000020000120d64 <+40>:  subq v0,0x1,v0
   0x0000020000120d68 <+44>:  beq a1,0x20000120d70 <OPENSSL_cleanse+52>
   0x0000020000120d6c <+48>:  bne v0,0x20000120d58 <OPENSSL_cleanse+28>
   0x0000020000120d70 <+52>:  stq_u t0,0(t1)
   0x0000020000120d74 <+56>:  beq a1,0x20000120da4 <OPENSSL_cleanse+104>
   0x0000020000120d78 <+60>:  andnot a1,0x7,at
   0x0000020000120d7c <+64>:  mov a1,v0
   0x0000020000120d80 <+68>:  beq at,0x20000120d50 <OPENSSL_cleanse+20>
=> 0x0000020000120d84 <+72>:  stq zero,0(a0)
   0x0000020000120d88 <+76>:  subq a1,0x8,a1
   0x0000020000120d8c <+80>:  lda a0,8(a0)
   0x0000020000120d90 <+84>:  andnot a1,0x7,at
   0x0000020000120d94 <+88>:  bne at,0x20000120d84 <OPENSSL_cleanse+72>
   0x0000020000120d98 <+92>:  beq a1,0x20000120da4 <OPENSSL_cleanse+104>
   0x0000020000120d9c <+96>:  mov a1,v0
   0x0000020000120da0 <+100>: br 0x20000120d50 <OPENSSL_cleanse+20>
   0x0000020000120da4 <+104>: ret
Minimal reproducer:

    // gcc cleanse_test.c -o ct -lcrypto
    #include <openssl/crypto.h>

    int main(void)
    {
        char buffer [128];
        int off;
        int sz;

        for (off = 0; off < sizeof (buffer); ++off)
            for (sz = 0; sz < sizeof (buffer) - off; ++sz)
                OPENSSL_cleanse (buffer + off, sz);
        return 0;
    }
And we get the fix from upstream!

http://cvs.openssl.org/chngview?cn=21233

Tested on my extended testcase. It fixes not only the misalignment, but also memsets _every_ byte to zero. OPENSSL_cleanse did miss some trailing bytes before that patch, so it has a security flavour :]

Reassigning to base-system.
Pushed as:

> 12 Aug 2011; Sergei Trofimovich <slyfox@gentoo.org> openssl-1.0.0d.ebuild,
> +files/openssl-1.0.0d-alpha-fix-unalign.patch:
> Fix unaligned access on alpha (bug #371561 by Tobias Klausmann). Thanks to
> Andy Polyakov <appro@openssl.org> for the fix.

Thanks for the report, Tobias!
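
The thread says OPENSSL_cleanse missed trailing bytes before the patch, which the minimal reproducer above cannot show because it never inspects the buffer. One way to check for that, as an added example that is neither the reporter's extended testcase nor OpenSSL code: all names are hypothetical, and `cleanse_words_flawed` is a constructed stand-in for a routine that skips tail bytes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define GUARD 16   /* canary bytes on each side that must stay untouched */
#define SPAN  64   /* region the offsets and lengths range over */
#define FILL  0xA5 /* non-zero pattern, so a missed byte is visible */
typedef void (*cleanse_fn)(void *ptr, size_t len);

/* Reference: byte-wise wipe through a volatile pointer. */
static void cleanse_bytes(void *ptr, size_t len) {
    volatile unsigned char *p = ptr;
    while (len--)
        *p++ = 0;
}

/* Constructed flawed variant, NOT OpenSSL's code: skips the len % 8 tail. */
static void cleanse_words_flawed(void *ptr, size_t len) {
    static const unsigned char zero[8];
    unsigned char *p = ptr;
    for (; len >= 8; len -= 8, p += 8)
        memcpy(p, zero, 8); /* memcpy makes no alignment assumption */
}

/* Returns 0 if fn zeroed exactly [off, off+sz) and nothing else, else 1. */
static int check_one(cleanse_fn fn, size_t off, size_t sz) {
    unsigned char buf[GUARD + SPAN + GUARD];
    memset(buf, FILL, sizeof buf);
    fn(buf + GUARD + off, sz);
    for (size_t i = 0; i < sizeof buf; ++i) {
        int inside = i >= GUARD + off && i < GUARD + off + sz;
        if (buf[i] != (inside ? 0 : FILL))
            return 1;
    }
    return 0;
}

/* Number of failing (offset, length) pairs over the whole span. */
static unsigned count_failures(cleanse_fn fn) {
    unsigned bad = 0;
    for (size_t off = 0; off < SPAN; ++off)
        for (size_t sz = 0; sz <= SPAN - off; ++sz)
            bad += check_one(fn, off, sz);
    return bad;
}

int main(void) {
    printf("byte-wise failures: %u\n", count_failures(cleanse_bytes));
    printf("word-only failures: %u\n", count_failures(cleanse_words_flawed));
    return 0;
}
```

To test the real routine, pass `OPENSSL_cleanse` from `<openssl/crypto.h>` to `count_failures` and link with `-lcrypto`. The misaligned store itself shows up only as the kernel's unaligned trap message on alpha, not in this check.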