Segmentation fault is not seen if i don't compile* ./config with* *-enable-weak-ssl-ciphers.*
Is it something I am missing or some more options needs to be provided to ./config ? Thanks Satyam On Mon, 26 Oct 2020 at 20:21, Dmitry Belyavsky <beld...@gmail.com> wrote: > It has nothing to do with the ciphers command... > > On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <satyam...@gmail.com> > wrote: > >> Dear Dmitry, >> >> >>Are the /usr/local/lib64/libssl.so.1.1 and >> /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you? >> Yes, they are same >> >> gdb openssl core.50178 >> >> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7 >> >> Copyright (C) 2013 Free Software Foundation, Inc. >> >> License GPLv3+: GNU GPL version 3 or later < >> http://gnu.org/licenses/gpl.html> >> >> This is free software: you are free to change and redistribute it. >> >> There is NO WARRANTY, to the extent permitted by law. Type "show >> copying" >> >> and "show warranty" for details. >> >> This GDB was configured as "x86_64-redhat-linux-gnu". >> >> For bug reporting instructions, please see: >> >> <http://www.gnu.org/software/gdb/bugs/>... >> >> Reading symbols from >> /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done. >> >> [New LWP 50178] >> >> [Thread debugging using libthread_db enabled] >> >> Using host libthread_db library "/lib64/libthread_db.so.1". >> >> Core was generated by `/usr/local/bin/openssl'. >> >> Program terminated with signal 11, Segmentation fault. >> >> #0 do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888, >> x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0, >> policy=0xfffa320300000000, serial=0x7ffddd58f693, >> >> subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503, >> multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3 >> "HISTSIZE=1000", >> >> enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22", >> days=140728317048610, batch=-581372099, verbose=-581372056, >> req=0x7ffddd58f77b, >> >> ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/", >> lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489, >> default_op=-581370182, >> >> ext_copy=-581370137, selfsign=-581370120, db=<optimized out>, >> db=<optimized out>) at apps/ca.c:1410 >> >> 1410 row[i] = NULL; >> >> >> >> Thanks >> >> Satyam >> >> >> On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <beld...@gmail.com> wrote: >> >>> Are the /usr/local/lib64/libssl.so.1.1 and >>> /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you? >>> If yes, you should try running via gdb to get a backtrace. >>> >>> On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <satyam...@gmail.com> >>> wrote: >>> >>>> Dear Dmitry, >>>> >>>> As suggested i have build the openssl with -ggdb ( ./config -ggdb >>>> -enable-weak-ssl-ciphers ) and after building i did make install as well. >>>> >>>> The strace output is as below >>>> ============================== >>>> >>>> *strace ./openssl* >>>> >>>> >>>> execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0 >>>> >>>> brk(NULL) = 0x1b4f000 >>>> >>>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, >>>> 0) = 0x7f3046813000 >>>> >>>> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or >>>> directory) >>>> >>>> open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 >>>> >>>> fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0 >>>> >>>> mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000 >>>> >>>> close(3) = 0 >>>> >>>> open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3 >>>> >>>> read(3, >>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) >>>> = 832 >>>> >>>> fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0 >>>> >>>> mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>>> 0) = 0x7f3046354000 >>>> >>>> mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0 >>>> >>>> mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, >>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000 >>>> >>>> close(3) = 0 >>>> >>>> open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3 >>>> >>>> read(3, >>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = >>>> 832 >>>> >>>> fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0 >>>> >>>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, >>>> 0) = 0x7f3046809000 >>>> >>>> mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>>> 0) = 0x7f3045e68000 >>>> >>>> mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0 >>>> >>>> mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, >>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000 >>>> >>>> mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, >>>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000 >>>> >>>> close(3) = 0 >>>> >>>> open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 >>>> >>>> read(3, >>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = >>>> 832 >>>> >>>> fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0 >>>> >>>> mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>>> 0) = 0x7f3045c64000 >>>> >>>> mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0 >>>> >>>> mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, >>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000 >>>> >>>> close(3) = 0 >>>> >>>> open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 >>>> >>>> read(3, >>>> "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) >>>> = 832 >>>> >>>> fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0 >>>> >>>> mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>>> 0) = 0x7f3045a48000 >>>> >>>> mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0 >>>> >>>> mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, >>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000 >>>> >>>> mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, >>>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000 >>>> >>>> close(3) = 0 >>>> >>>> open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 >>>> >>>> read(3, >>>> "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = >>>> 832 >>>> >>>> fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0 >>>> >>>> mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, >>>> 0) = 0x7f304567a000 >>>> >>>> mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0 >>>> >>>> mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, >>>> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000 >>>> >>>> mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, >>>> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000 >>>> >>>> close(3) = 0 >>>> >>>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, >>>> 0) = 0x7f3046808000 >>>> >>>> mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, >>>> 0) = 0x7f3046806000 >>>> >>>> arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0 >>>> >>>> mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0 >>>> >>>> mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0 >>>> >>>> mprotect(0x7f3045e66000, 4096, PROT_READ) = 0 >>>> >>>> mprotect(0x7f3046322000, 176128, PROT_READ) = 0 >>>> >>>> mprotect(0x7f30465e4000, 40960, PROT_READ) = 0 >>>> >>>> mprotect(0x692000, 4096, PROT_READ) = 0 >>>> >>>> mprotect(0x7f3046814000, 4096, PROT_READ) = 0 >>>> >>>> munmap(0x7f304680a000, 35929) = 0 >>>> >>>> set_tid_address(0x7f3046806a10) = 47865 >>>> >>>> set_robust_list(0x7f3046806a20, 24) = 0 >>>> >>>> rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], >>>> sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0 >>>> >>>> rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], >>>> sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, >>>> NULL, 8) = 0 >>>> >>>> rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 >>>> >>>> getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) >>>> = 0 >>>> >>>> --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- >>>> >>>> +++ killed by SIGSEGV (core dumped) +++ >>>> >>>> Segmentation fault >>>> >>>> >>>> >>>> *Thanks* >>>> >>>> *Satyam* >>>> >>>> >>>> >>>> On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <beld...@gmail.com> >>>> wrote: >>>> >>>>> Dear Satyam, >>>>> >>>>> First of all, I'll suggest checking whether the libcrypto/libssl are >>>>> those you've built. It can be done, e.g., via running strace. >>>>> >>>>> I also suggest building openssl with -ggdb (./config -ggdb should do >>>>> the trick). >>>>> >>>>> On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <satyam...@gmail.com> >>>>> wrote: >>>>> >>>>>> Hi Dmitry, >>>>>> >>>>>> >>If you have just built the openssl, try to set the LD_LIBRARY_PATH >>>>>> environment variable pointing to freshly built libcrypto/libssl >>>>>> >>>>>> I try setting the LD_LIBRARY_PATH but it is still crashing >>>>>> >>>>>> *which openssl* >>>>>> >>>>>> * /usr/local/bin/openssl* >>>>>> >>>>>> >>>>>> *export LD_LIBRARY_PATH=/usr/local/lib64/* >>>>>> >>>>>> >>>>>> ls -lhrt >>>>>> >>>>>> total 11M >>>>>> >>>>>> drwxr-xr-x. 2 root root 61 Oct 25 16:27 pkgconfig >>>>>> >>>>>> -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1 >>>>>> >>>>>> -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1 >>>>>> >>>>>> -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a >>>>>> >>>>>> -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a >>>>>> >>>>>> lrwxrwxrwx. 1 root root 16 Oct 26 12:58 libcrypto.so -> >>>>>> libcrypto.so.1.1 >>>>>> >>>>>> lrwxrwxrwx. 1 root root 13 Oct 26 12:58 libssl.so -> >>>>>> libssl.so.1.1 >>>>>> >>>>>> drwxr-xr-x. 2 root root 39 Oct 26 12:58 engines-1.1 >>>>>> >>>>>> >>>>>> >>>>>> *openssl ciphers -V* >>>>>> >>>>>> * Segmentation fault* >>>>>> >>>>>> >>>>>> *gdb ./openssl core.3370 * >>>>>> >>>>>> >>>>>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7 >>>>>> >>>>>> Copyright (C) 2013 Free Software Foundation, Inc. >>>>>> >>>>>> License GPLv3+: GNU GPL version 3 or later < >>>>>> http://gnu.org/licenses/gpl.html> >>>>>> >>>>>> This is free software: you are free to change and redistribute it. >>>>>> >>>>>> There is NO WARRANTY, to the extent permitted by law. Type "show >>>>>> copying" >>>>>> >>>>>> and "show warranty" for details. >>>>>> >>>>>> This GDB was configured as "x86_64-redhat-linux-gnu". >>>>>> >>>>>> For bug reporting instructions, please see: >>>>>> >>>>>> <http://www.gnu.org/software/gdb/bugs/>... >>>>>> >>>>>> Reading symbols from >>>>>> /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols >>>>>> found)...done. >>>>>> >>>>>> [New LWP 3370] >>>>>> >>>>>> [Thread debugging using libthread_db enabled] >>>>>> >>>>>> Using host libthread_db library "/lib64/libthread_db.so.1". >>>>>> >>>>>> Core was generated by `openssl ciphers -V'. >>>>>> >>>>>> Program terminated with signal 11, Segmentation fault. >>>>>> >>>>>> #0 0x000000000041c53d in do_body.isra.3 () >>>>>> >>>>>> (gdb) bt >>>>>> >>>>>> #0 0x000000000041c53d in do_body.isra.3 () >>>>>> >>>>>> (gdb) >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Thanks >>>>>> >>>>>> Satyam >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <beld...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> If you have just built the openssl, try to set the LD_LIBRARY_PATH >>>>>>> environment variable pointing to freshly built libcrypto/libssl >>>>>>> >>>>>>> On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <satyam...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> Any Suggestions on how this can be done ? >>>>>>>> why openssl binary is crashing if i am compiling it with >>>>>>>> *-enable-weak-ssl-ciphers >>>>>>>> ,* also what is the location of the crash file. >>>>>>>> >>>>>>>> Thanks >>>>>>>> Satyam >>>>>>>> >>>>>>>> On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <satyam...@gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hello Everyone, >>>>>>>>> >>>>>>>>> I have just joined the openssl users community. >>>>>>>>> My requirement is to have the SSLv3 and weak ciphers enable with >>>>>>>>> openssl installation . >>>>>>>>> I have a query regarding enabling SSLv3 protocol and weak ciphers >>>>>>>>> with openssl-1.1.1h installation >>>>>>>>> >>>>>>>>> I have followed the below steps >>>>>>>>> >>>>>>>>> 1) *./config -enable-weak-ssl-ciphers* >>>>>>>>> >>>>>>>>> >>>>>>>>> *2) The Makefile looks as below* >>>>>>>>> >>>>>>>>> *===============================* >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >>>>>>>>> >>>>>>>>> >>>>>>>>> ## >>>>>>>>> >>>>>>>>> ## Makefile for OpenSSL >>>>>>>>> >>>>>>>>> ## >>>>>>>>> >>>>>>>>> ## WARNING: do not edit! >>>>>>>>> >>>>>>>>> ## Generated by Configure from Configurations/common0.tmpl, >>>>>>>>> Configurations/unix-Makefile.tmpl, Configurations/common.tmpl >>>>>>>>> >>>>>>>>> >>>>>>>>> PLATFORM=linux-x86_64 >>>>>>>>> >>>>>>>>> OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ >>>>>>>>> no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng >>>>>>>>> no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl >>>>>>>>> no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan >>>>>>>>> no-unit-test no-zlib no-zlib-dynamic >>>>>>>>> >>>>>>>>> CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers") >>>>>>>>> >>>>>>>>> SRCDIR=. >>>>>>>>> >>>>>>>>> BLDDIR=. >>>>>>>>> >>>>>>>>> >>>>>>>>> VERSION=1.1.1h >>>>>>>>> >>>>>>>>> MAJOR=1 >>>>>>>>> >>>>>>>>> MINOR=1.1 >>>>>>>>> >>>>>>>>> SHLIB_VERSION_NUMBER=1.1 >>>>>>>>> >>>>>>>>> SHLIB_VERSION_HISTORY= >>>>>>>>> >>>>>>>>> SHLIB_MAJOR=1 >>>>>>>>> >>>>>>>>> SHLIB_MINOR=1 >>>>>>>>> >>>>>>>>> SHLIB_TARGET=linux-shared >>>>>>>>> >>>>>>>>> SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER) >>>>>>>>> >>>>>>>>> SHLIB_EXT_SIMPLE=.so >>>>>>>>> >>>>>>>>> SHLIB_EXT_IMPORT= >>>>>>>>> >>>>>>>>> >>>>>>>>> LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a >>>>>>>>> >>>>>>>>> SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT) >>>>>>>>> >>>>>>>>> SHLIB_INFO=";" >>>>>>>>> "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" >>>>>>>>> "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";" >>>>>>>>> >>>>>>>>> ENGINES=engines/afalg.so engines/capi.so engines/dasync.so >>>>>>>>> engines/ossltest.so engines/padlock.so >>>>>>>>> >>>>>>>>> @ >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >>>>>>>>> >>>>>>>>> >>>>>>>>> if i do any openssl operations it gives error ( core dumped ) >>>>>>>>> >>>>>>>>> >>>>>>>>> *./openssl ciphers -V* >>>>>>>>> >>>>>>>>> * Segmentation fault (core dumped)* >>>>>>>>> >>>>>>>>> >>>>>>>>> *Can someone help me in resolving this issue ?* >>>>>>>>> >>>>>>>>> >>>>>>>>> If i don't use option* "**-enable-weak-ssl-ciphers " *then the >>>>>>>>> above issue is not seen but SSLv3 and weak ciphers do not get enable. >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> Satyam >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> SY, Dmitry Belyavsky >>>>>>> >>>>>> >>>>> >>>>> -- >>>>> SY, Dmitry Belyavsky >>>>> >>>> >>> >>> -- >>> SY, Dmitry Belyavsky >>> >> > > -- > SY, Dmitry Belyavsky >
