It has nothing to do with the ciphers command... On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <satyam...@gmail.com> wrote:
> Dear Dmitry, > > >>Are the /usr/local/lib64/libssl.so.1.1 and > /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you? > Yes, they are same > > gdb openssl core.50178 > > GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7 > > Copyright (C) 2013 Free Software Foundation, Inc. > > License GPLv3+: GNU GPL version 3 or later < > http://gnu.org/licenses/gpl.html> > > This is free software: you are free to change and redistribute it. > > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > > and "show warranty" for details. > > This GDB was configured as "x86_64-redhat-linux-gnu". > > For bug reporting instructions, please see: > > <http://www.gnu.org/software/gdb/bugs/>... > > Reading symbols from > /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done. > > [New LWP 50178] > > [Thread debugging using libthread_db enabled] > > Using host libthread_db library "/lib64/libthread_db.so.1". > > Core was generated by `/usr/local/bin/openssl'. > > Program terminated with signal 11, Segmentation fault. > > #0 do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888, > x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0, > policy=0xfffa320300000000, serial=0x7ffddd58f693, > > subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503, > multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3 > "HISTSIZE=1000", > > enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22", > days=140728317048610, batch=-581372099, verbose=-581372056, > req=0x7ffddd58f77b, > > ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/", > lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489, > default_op=-581370182, > > ext_copy=-581370137, selfsign=-581370120, db=<optimized out>, > db=<optimized out>) at apps/ca.c:1410 > > 1410 row[i] = NULL; > > > > Thanks > > Satyam > > > On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <beld...@gmail.com> wrote: > >> Are the /usr/local/lib64/libssl.so.1.1 and >> /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you? >> If yes, you should try running via gdb to get a backtrace. >> >> On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <satyam...@gmail.com> >> wrote: >> >>> Dear Dmitry, >>> >>> As suggested i have build the openssl with -ggdb ( ./config -ggdb >>> -enable-weak-ssl-ciphers ) and after building i did make install as well. >>> >>> The strace output is as below >>> ============================== >>> >>> *strace ./openssl* >>> >>> >>> execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0 >>> >>> brk(NULL) = 0x1b4f000 >>> >>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) >>> = 0x7f3046813000 >>> >>> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or >>> directory) >>> >>> open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 >>> >>> fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0 >>> >>> mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000 >>> >>> close(3) = 0 >>> >>> open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3 >>> >>> read(3, >>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) >>> = 832 >>> >>> fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0 >>> >>> mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>> 0) = 0x7f3046354000 >>> >>> mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0 >>> >>> mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, >>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000 >>> >>> close(3) = 0 >>> >>> open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3 >>> >>> read(3, >>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = >>> 832 >>> >>> fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0 >>> >>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) >>> = 0x7f3046809000 >>> >>> mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>> 0) = 0x7f3045e68000 >>> >>> mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0 >>> >>> mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, >>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000 >>> >>> mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, >>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000 >>> >>> close(3) = 0 >>> >>> open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 >>> >>> read(3, >>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = >>> 832 >>> >>> fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0 >>> >>> mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>> 0) = 0x7f3045c64000 >>> >>> mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0 >>> >>> mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, >>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000 >>> >>> close(3) = 0 >>> >>> open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 >>> >>> read(3, >>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) >>> = 832 >>> >>> fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0 >>> >>> mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>> 0) = 0x7f3045a48000 >>> >>> mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0 >>> >>> mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, >>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000 >>> >>> mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, >>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000 >>> >>> close(3) = 0 >>> >>> open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 >>> >>> read(3, >>> "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = >>> 832 >>> >>> fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0 >>> >>> mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>> 0) = 0x7f304567a000 >>> >>> mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0 >>> >>> mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, >>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000 >>> >>> mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, >>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000 >>> >>> close(3) = 0 >>> >>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) >>> = 0x7f3046808000 >>> >>> mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) >>> = 0x7f3046806000 >>> >>> arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0 >>> >>> mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0 >>> >>> mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0 >>> >>> mprotect(0x7f3045e66000, 4096, PROT_READ) = 0 >>> >>> mprotect(0x7f3046322000, 176128, PROT_READ) = 0 >>> >>> mprotect(0x7f30465e4000, 40960, PROT_READ) = 0 >>> >>> mprotect(0x692000, 4096, PROT_READ) = 0 >>> >>> mprotect(0x7f3046814000, 4096, PROT_READ) = 0 >>> >>> munmap(0x7f304680a000, 35929) = 0 >>> >>> set_tid_address(0x7f3046806a10) = 47865 >>> >>> set_robust_list(0x7f3046806a20, 24) = 0 >>> >>> rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], >>> sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0 >>> >>> rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], >>> sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, >>> NULL, 8) = 0 >>> >>> rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 >>> >>> getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) >>> = 0 >>> >>> --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- >>> >>> +++ killed by SIGSEGV (core dumped) +++ >>> >>> Segmentation fault >>> >>> >>> >>> *Thanks* >>> >>> *Satyam* >>> >>> >>> >>> On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <beld...@gmail.com> >>> wrote: >>> >>>> Dear Satyam, >>>> >>>> First of all, I'll suggest checking whether the libcrypto/libssl are >>>> those you've built. It can be done, e.g., via running strace. >>>> >>>> I also suggest building openssl with -ggdb (./config -ggdb should do >>>> the trick). >>>> >>>> On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <satyam...@gmail.com> >>>> wrote: >>>> >>>>> Hi Dmitry, >>>>> >>>>> >>If you have just built the openssl, try to set the LD_LIBRARY_PATH >>>>> environment variable pointing to freshly built libcrypto/libssl >>>>> >>>>> I try setting the LD_LIBRARY_PATH but it is still crashing >>>>> >>>>> *which openssl* >>>>> >>>>> * /usr/local/bin/openssl* >>>>> >>>>> >>>>> *export LD_LIBRARY_PATH=/usr/local/lib64/* >>>>> >>>>> >>>>> ls -lhrt >>>>> >>>>> total 11M >>>>> >>>>> drwxr-xr-x. 2 root root 61 Oct 25 16:27 pkgconfig >>>>> >>>>> -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1 >>>>> >>>>> -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1 >>>>> >>>>> -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a >>>>> >>>>> -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a >>>>> >>>>> lrwxrwxrwx. 1 root root 16 Oct 26 12:58 libcrypto.so -> >>>>> libcrypto.so.1.1 >>>>> >>>>> lrwxrwxrwx. 1 root root 13 Oct 26 12:58 libssl.so -> >>>>> libssl.so.1.1 >>>>> >>>>> drwxr-xr-x. 2 root root 39 Oct 26 12:58 engines-1.1 >>>>> >>>>> >>>>> >>>>> *openssl ciphers -V* >>>>> >>>>> * Segmentation fault* >>>>> >>>>> >>>>> *gdb ./openssl core.3370 * >>>>> >>>>> >>>>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7 >>>>> >>>>> Copyright (C) 2013 Free Software Foundation, Inc. >>>>> >>>>> License GPLv3+: GNU GPL version 3 or later < >>>>> http://gnu.org/licenses/gpl.html> >>>>> >>>>> This is free software: you are free to change and redistribute it. >>>>> >>>>> There is NO WARRANTY, to the extent permitted by law. Type "show >>>>> copying" >>>>> >>>>> and "show warranty" for details. >>>>> >>>>> This GDB was configured as "x86_64-redhat-linux-gnu". >>>>> >>>>> For bug reporting instructions, please see: >>>>> >>>>> <http://www.gnu.org/software/gdb/bugs/>... >>>>> >>>>> Reading symbols from >>>>> /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols >>>>> found)...done. >>>>> >>>>> [New LWP 3370] >>>>> >>>>> [Thread debugging using libthread_db enabled] >>>>> >>>>> Using host libthread_db library "/lib64/libthread_db.so.1". >>>>> >>>>> Core was generated by `openssl ciphers -V'. >>>>> >>>>> Program terminated with signal 11, Segmentation fault. >>>>> >>>>> #0 0x000000000041c53d in do_body.isra.3 () >>>>> >>>>> (gdb) bt >>>>> >>>>> #0 0x000000000041c53d in do_body.isra.3 () >>>>> >>>>> (gdb) >>>>> >>>>> >>>>> >>>>> >>>>> Thanks >>>>> >>>>> Satyam >>>>> >>>>> >>>>> >>>>> >>>>> On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <beld...@gmail.com> >>>>> wrote: >>>>> >>>>>> If you have just built the openssl, try to set the LD_LIBRARY_PATH >>>>>> environment variable pointing to freshly built libcrypto/libssl >>>>>> >>>>>> On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <satyam...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> Any Suggestions on how this can be done ? >>>>>>> why openssl binary is crashing if i am compiling it with >>>>>>> *-enable-weak-ssl-ciphers >>>>>>> ,* also what is the location of the crash file. >>>>>>> >>>>>>> Thanks >>>>>>> Satyam >>>>>>> >>>>>>> On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <satyam...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Hello Everyone, >>>>>>>> >>>>>>>> I have just joined the openssl users community. >>>>>>>> My requirement is to have the SSLv3 and weak ciphers enable with >>>>>>>> openssl installation . >>>>>>>> I have a query regarding enabling SSLv3 protocol and weak ciphers >>>>>>>> with openssl-1.1.1h installation >>>>>>>> >>>>>>>> I have followed the below steps >>>>>>>> >>>>>>>> 1) *./config -enable-weak-ssl-ciphers* >>>>>>>> >>>>>>>> >>>>>>>> *2) The Makefile looks as below* >>>>>>>> >>>>>>>> *===============================* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >>>>>>>> >>>>>>>> >>>>>>>> ## >>>>>>>> >>>>>>>> ## Makefile for OpenSSL >>>>>>>> >>>>>>>> ## >>>>>>>> >>>>>>>> ## WARNING: do not edit! >>>>>>>> >>>>>>>> ## Generated by Configure from Configurations/common0.tmpl, >>>>>>>> Configurations/unix-Makefile.tmpl, Configurations/common.tmpl >>>>>>>> >>>>>>>> >>>>>>>> PLATFORM=linux-x86_64 >>>>>>>> >>>>>>>> OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ >>>>>>>> no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng >>>>>>>> no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl >>>>>>>> no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan >>>>>>>> no-unit-test no-zlib no-zlib-dynamic >>>>>>>> >>>>>>>> CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers") >>>>>>>> >>>>>>>> SRCDIR=. >>>>>>>> >>>>>>>> BLDDIR=. >>>>>>>> >>>>>>>> >>>>>>>> VERSION=1.1.1h >>>>>>>> >>>>>>>> MAJOR=1 >>>>>>>> >>>>>>>> MINOR=1.1 >>>>>>>> >>>>>>>> SHLIB_VERSION_NUMBER=1.1 >>>>>>>> >>>>>>>> SHLIB_VERSION_HISTORY= >>>>>>>> >>>>>>>> SHLIB_MAJOR=1 >>>>>>>> >>>>>>>> SHLIB_MINOR=1 >>>>>>>> >>>>>>>> SHLIB_TARGET=linux-shared >>>>>>>> >>>>>>>> SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER) >>>>>>>> >>>>>>>> SHLIB_EXT_SIMPLE=.so >>>>>>>> >>>>>>>> SHLIB_EXT_IMPORT= >>>>>>>> >>>>>>>> >>>>>>>> LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a >>>>>>>> >>>>>>>> SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT) >>>>>>>> >>>>>>>> SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" >>>>>>>> "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";" >>>>>>>> >>>>>>>> ENGINES=engines/afalg.so engines/capi.so engines/dasync.so >>>>>>>> engines/ossltest.so engines/padlock.so >>>>>>>> >>>>>>>> @ >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >>>>>>>> >>>>>>>> >>>>>>>> if i do any openssl operations it gives error ( core dumped ) >>>>>>>> >>>>>>>> >>>>>>>> *./openssl ciphers -V* >>>>>>>> >>>>>>>> * Segmentation fault (core dumped)* >>>>>>>> >>>>>>>> >>>>>>>> *Can someone help me in resolving this issue ?* >>>>>>>> >>>>>>>> >>>>>>>> If i don't use option* "**-enable-weak-ssl-ciphers " *then the >>>>>>>> above issue is not seen but SSLv3 and weak ciphers do not get enable. >>>>>>>> >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>> Satyam >>>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> SY, Dmitry Belyavsky >>>>>> >>>>> >>>> >>>> -- >>>> SY, Dmitry Belyavsky >>>> >>> >> >> -- >> SY, Dmitry Belyavsky >> > -- SY, Dmitry Belyavsky
