On 08/07/16 05:59, [email protected] wrote:
> There doesn't seem to be a lot of interest in this, but I figured I
> would see if anyone has experienced this previously.
> I have successfully compiled OpenSSL with the FIPS
> module: openssl-1.0.2h & openssl-fips-2.0.12
>
> No problem with this process; everything worked as expected. I then
> compiled openvpn-2.3.11 enabling FIPS during compile. I also added the
> following code to the openvpn.c in main():
>
>     OPENSSL_config("XXXX_conf");
> #ifdef OPENSSL_FIPS
>     if (FIPS_mode())
>     {
>         fprintf(stderr,"*** IN FIPS MODE ***\n");
>     }
> #endif
>
> and in the openssl.cnf added:
>
> # Default section
> XXXX_conf = XXXX_options
>
> [ XXXX_options ]
> alg_section = algs
>
> [ algs ]
> fips_mode = yes
>
> All this worked as expected. I compiled all these on an Ubuntu 16.04
> server and a Voyage Linux client. The problem occurred when I attempted
> to connect client to server. The server suffered a segmentation fault.
> If I go into the openssl.cnf and set fips_mode = no then the client seg
> faults. If I set both sides to fips_mode = no then it works fine.
> Running openvpn in "verb 9" gives tons of information. Here are the 10
> lines prior to the fault on the server.
>
> Thu Jul 7 22:43:36 2016 us=471157 X.X.X.X:23699 TLS: tls_process: chg=1
> ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
> Thu Jul 7 22:43:36 2016 us=471219 X.X.X.X:23699 ACK reliable_can_send
> active=0 current=0 : [5]
> Thu Jul 7 22:43:36 2016 us=471357 X.X.X.X:23699 Client pre_master:
> 2cee2278 2cf7384e 961c2f61 4e8cce25 496029e6 8e91e6d8 2b06ccba 443af910
> 79846b5c b45e954e 474a8935 243d99e2
> Thu Jul 7 22:43:36 2016 us=471388 X.X.X.X:23699 Client random1: d5d0840e
> e429b311 d986349c cbb7da8f 15b21234 671f7edb 2b308233 7418a414
> Thu Jul 7 22:43:36 2016 us=471456 X.X.X.X:23699 Client random2: d2490f44
> b0b2d207 09e906ef edc2586c e9c53d85 3fcca425 91384724 5525796d
> Thu Jul 7 22:43:36 2016 us=471568 X.X.X.X:23699 Server pre_master:
> 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000 00000000 00000000 00000000
> Thu Jul 7 22:43:36 2016 us=471598 X.X.X.X:23699 Server random1: a9982c01
> c234cc62 10be9412 1be49509 045dc1ea a384b405 d17aeda8 4aa1f132
> Thu Jul 7 22:43:36 2016 us=471681 X.X.X.X:23699 Server random2: 7d2ee9d7
> 94600f16 5a986080 5e23b59a ae4e2877 4354d5fa 1eb97d98 4cb8ae0c
> Thu Jul 7 22:43:36 2016 us=471759 X.X.X.X:23699 tls1_P_hash sec:
> 2cee2278 2cf7384e 961c2f61 4e8cce25 496029e6 8e91e6d8
> Thu Jul 7 22:43:36 2016 us=471877 X.X.X.X:23699 tls1_P_hash seed:
> 4f70656e 56504e20 6d617374 65722073 65637265 74d5d084 0ee429b3 11d98634
> 9ccbb7da 8f15b212 34671f7e db2b3082 337418a4 14a9982c 01c234cc 6210be94
> 121be495 09045dc1 eaa384b4 05d17aed a84aa1f1 32
>
> Segmentation fault (core dumped)
>
> And the client side seg faults at the exact same place. I can provide
> full logs if anyone wants to look at them.
>
> Thanks for any help anyone can provide.

Please run the OpenVPN instance which core dumps via gdb. When it
segfaults, type the command 'bt' (backtrace) and provide us with the
complete backtrace. Then we can have an idea where in the code it
crashed.

Another alternative is to enable core dump files (a global system
configuration, not an OpenVPN setting); those files can then be run via
gdb and the backtrace can be captured afterwards.

Without a backtrace it is nearly impossible to understand why it
crashes. Most likely it is related to a NULL pointer, but which pointer
will be plain guesswork, which mostly would be a lot of wasted time.

--
kind regards,

David Sommerseth
