How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

How to Enable Weak Ciphers OpenSSL 1.1.1h installation

satyam226
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam

Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

satyam226
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam

Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Dmitry Belyavsky-3
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

satyam226
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Dmitry Belyavsky-3
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

satyam226
Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb -enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

strace ./openssl


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



Thanks

Satyam




On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Dmitry Belyavsky-3
Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
If yes, you should try running via gdb to get a backtrace.

On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb -enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

strace ./openssl


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



Thanks

Satyam




On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

satyam226
Dear Dmitry,

>>Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
Yes, they are same

gdb openssl core.50178

GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done.

[New LWP 50178]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `/usr/local/bin/openssl'.

Program terminated with signal 11, Segmentation fault.

#0  do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888, x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0, policy=0xfffa320300000000, serial=0x7ffddd58f693, 

    subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503, multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3 "HISTSIZE=1000", 

    enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22", days=140728317048610, batch=-581372099, verbose=-581372056, req=0x7ffddd58f77b, 

    ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/", lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489, default_op=-581370182, 

    ext_copy=-581370137, selfsign=-581370120, db=<optimized out>, db=<optimized out>) at apps/ca.c:1410

1410         row[i] = NULL;



Thanks

Satyam



On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <[hidden email]> wrote:
Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
If yes, you should try running via gdb to get a backtrace.

On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb -enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

strace ./openssl


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



Thanks

Satyam




On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Dmitry Belyavsky-3
It has nothing to do with the ciphers command...

On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

>>Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
Yes, they are same

gdb openssl core.50178

GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done.

[New LWP 50178]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `/usr/local/bin/openssl'.

Program terminated with signal 11, Segmentation fault.

#0  do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888, x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0, policy=0xfffa320300000000, serial=0x7ffddd58f693, 

    subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503, multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3 "HISTSIZE=1000", 

    enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22", days=140728317048610, batch=-581372099, verbose=-581372056, req=0x7ffddd58f77b, 

    ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/", lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489, default_op=-581370182, 

    ext_copy=-581370137, selfsign=-581370120, db=<optimized out>, db=<optimized out>) at apps/ca.c:1410

1410         row[i] = NULL;



Thanks

Satyam



On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <[hidden email]> wrote:
Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
If yes, you should try running via gdb to get a backtrace.

On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb -enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

strace ./openssl


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



Thanks

Satyam




On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

satyam226
Segmentation fault is not seen if i don't compile ./config with -enable-weak-ssl-ciphers.

Is it something I am missing or some more options needs to be provided to ./config ?

Thanks
Satyam

On Mon, 26 Oct 2020 at 20:21, Dmitry Belyavsky <[hidden email]> wrote:
It has nothing to do with the ciphers command...

On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

>>Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
Yes, they are same

gdb openssl core.50178

GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done.

[New LWP 50178]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `/usr/local/bin/openssl'.

Program terminated with signal 11, Segmentation fault.

#0  do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888, x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0, policy=0xfffa320300000000, serial=0x7ffddd58f693, 

    subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503, multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3 "HISTSIZE=1000", 

    enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22", days=140728317048610, batch=-581372099, verbose=-581372056, req=0x7ffddd58f77b, 

    ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/", lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489, default_op=-581370182, 

    ext_copy=-581370137, selfsign=-581370120, db=<optimized out>, db=<optimized out>) at apps/ca.c:1410

1410         row[i] = NULL;



Thanks

Satyam



On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <[hidden email]> wrote:
Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
If yes, you should try running via gdb to get a backtrace.

On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb -enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

strace ./openssl


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



Thanks

Satyam




On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Dmitry Belyavsky-3
Dear Satyam,

Do I correctly understand that 
- you built openssl-1.1.1h from scratch with -enable-weak-ssl-ciphers
- installed it
-run some command? Which one(s)? Initially, you were speaking about 'ciphers', but the stack trace is from the 'ca'.

On Mon, Oct 26, 2020 at 7:26 PM Satyam Mehrotra <[hidden email]> wrote:
Segmentation fault is not seen if i don't compile ./config with -enable-weak-ssl-ciphers.

Is it something I am missing or some more options needs to be provided to ./config ?

Thanks
Satyam

On Mon, 26 Oct 2020 at 20:21, Dmitry Belyavsky <[hidden email]> wrote:
It has nothing to do with the ciphers command...

On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

>>Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
Yes, they are same

gdb openssl core.50178

GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done.

[New LWP 50178]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `/usr/local/bin/openssl'.

Program terminated with signal 11, Segmentation fault.

#0  do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888, x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0, policy=0xfffa320300000000, serial=0x7ffddd58f693, 

    subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503, multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3 "HISTSIZE=1000", 

    enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22", days=140728317048610, batch=-581372099, verbose=-581372056, req=0x7ffddd58f77b, 

    ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/", lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489, default_op=-581370182, 

    ext_copy=-581370137, selfsign=-581370120, db=<optimized out>, db=<optimized out>) at apps/ca.c:1410

1410         row[i] = NULL;



Thanks

Satyam



On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <[hidden email]> wrote:
Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
If yes, you should try running via gdb to get a backtrace.

On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb -enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

strace ./openssl


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



Thanks

Satyam




On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

satyam226
Dear Dmitry,

The below is the process i have followed
      -     Downloaded the openssl-1.1.1h from the  official OpenSSL site
      -     ./config -ggdb -enable-weak-ssl-ciphers
   -   make
   -   make install
   -   Execute openSSL command ( Looks like any openSSL command the binary is crashing )
          openssl version

          Segmentation fault (core dumped)


          openssl ciphers -V

          Segmentation fault (core dumped)


          openssl

          Segmentation fault (core dumped)


Thanks

Satyam


On Mon, 26 Oct 2020 at 21:59, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

Do I correctly understand that 
- you built openssl-1.1.1h from scratch with -enable-weak-ssl-ciphers
- installed it
-run some command? Which one(s)? Initially, you were speaking about 'ciphers', but the stack trace is from the 'ca'.

On Mon, Oct 26, 2020 at 7:26 PM Satyam Mehrotra <[hidden email]> wrote:
Segmentation fault is not seen if i don't compile ./config with -enable-weak-ssl-ciphers.

Is it something I am missing or some more options needs to be provided to ./config ?

Thanks
Satyam

On Mon, 26 Oct 2020 at 20:21, Dmitry Belyavsky <[hidden email]> wrote:
It has nothing to do with the ciphers command...

On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

>>Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
Yes, they are same

gdb openssl core.50178

GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done.

[New LWP 50178]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `/usr/local/bin/openssl'.

Program terminated with signal 11, Segmentation fault.

#0  do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888, x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0, policy=0xfffa320300000000, serial=0x7ffddd58f693, 

    subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503, multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3 "HISTSIZE=1000", 

    enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22", days=140728317048610, batch=-581372099, verbose=-581372056, req=0x7ffddd58f77b, 

    ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/", lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489, default_op=-581370182, 

    ext_copy=-581370137, selfsign=-581370120, db=<optimized out>, db=<optimized out>) at apps/ca.c:1410

1410         row[i] = NULL;



Thanks

Satyam



On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <[hidden email]> wrote:
Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
If yes, you should try running via gdb to get a backtrace.

On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb -enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

strace ./openssl


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



Thanks

Satyam




On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Dmitry Belyavsky-3
Dear Satyam,

It looks like a compiler bug for me.

When configured via ./config -ggdb -O0 -enable-weak-ssl-ciphers, I get the code working. The same happens when -O1 is in use.
When I either omit optimization (which implies -O3) or specify -O2, I get a segfault.

On Mon, Oct 26, 2020 at 8:09 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

The below is the process i have followed
      -     Downloaded the openssl-1.1.1h from the  official OpenSSL site
      -     ./config -ggdb -enable-weak-ssl-ciphers
   -   make
   -   make install
   -   Execute openSSL command ( Looks like any openSSL command the binary is crashing )
          openssl version

          Segmentation fault (core dumped)


          openssl ciphers -V

          Segmentation fault (core dumped)


          openssl

          Segmentation fault (core dumped)


Thanks

Satyam


On Mon, 26 Oct 2020 at 21:59, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

Do I correctly understand that 
- you built openssl-1.1.1h from scratch with -enable-weak-ssl-ciphers
- installed it
-run some command? Which one(s)? Initially, you were speaking about 'ciphers', but the stack trace is from the 'ca'.

On Mon, Oct 26, 2020 at 7:26 PM Satyam Mehrotra <[hidden email]> wrote:
Segmentation fault is not seen if i don't compile ./config with -enable-weak-ssl-ciphers.

Is it something I am missing or some more options needs to be provided to ./config ?

Thanks
Satyam

On Mon, 26 Oct 2020 at 20:21, Dmitry Belyavsky <[hidden email]> wrote:
It has nothing to do with the ciphers command...

On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

>>Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
Yes, they are same

gdb openssl core.50178

GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done.

[New LWP 50178]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `/usr/local/bin/openssl'.

Program terminated with signal 11, Segmentation fault.

#0  do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888, x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0, policy=0xfffa320300000000, serial=0x7ffddd58f693, 

    subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503, multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3 "HISTSIZE=1000", 

    enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22", days=140728317048610, batch=-581372099, verbose=-581372056, req=0x7ffddd58f77b, 

    ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/", lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489, default_op=-581370182, 

    ext_copy=-581370137, selfsign=-581370120, db=<optimized out>, db=<optimized out>) at apps/ca.c:1410

1410         row[i] = NULL;



Thanks

Satyam



On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <[hidden email]> wrote:
Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
If yes, you should try running via gdb to get a backtrace.

On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb -enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

strace ./openssl


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



Thanks

Satyam




On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky
Reply | Threaded
Open this post in threaded view
|

Re: How to Enable Weak Ciphers OpenSSL 1.1.1h installation

Dmitry Belyavsky-3
In reply to this post by Dmitry Belyavsky-3
Wow!

I was unattentive :(

The leading minus before enable-weak-ssl-ciphers was the problem. Many thanks Satyam!

On Mon, Oct 26, 2020 at 8:41 PM Satyam Mehrotra <[hidden email]> wrote:
I think i have resolved it . if you use the following option and then do a make , the openssl binary don't crash

./config -ggdb enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method no-shared


What is the significance of no-shared ?  why we have to use this option


Thanks

Satyam


On Mon, 26 Oct 2020 at 22:59, Dmitry Belyavsky <[hidden email]> wrote:
Many thanks!

I could reproduce the bug.

On Mon, Oct 26, 2020 at 8:10 PM Satyam Mehrotra <[hidden email]> wrote:
No Worries Dmitry !!
I have send the sequence in the main mail thread.

Thanks
Satyam

On Mon, 26 Oct 2020 at 22:10, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

Sorry, but no. If you send the way to reproduce the bug, I'll take a look at it.

On Mon, Oct 26, 2020 at 7:38 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

Is it possible to have meeting on GoToMeeting?
I can send the invite and then i can share my screen.
Probably, that will be faster and quick to resolve.

Thanks
Satyam

On Mon, 26 Oct 2020 at 21:59, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

Do I correctly understand that 
- you built openssl-1.1.1h from scratch with -enable-weak-ssl-ciphers
- installed it
-run some command? Which one(s)? Initially, you were speaking about 'ciphers', but the stack trace is from the 'ca'.

On Mon, Oct 26, 2020 at 7:26 PM Satyam Mehrotra <[hidden email]> wrote:
Segmentation fault is not seen if i don't compile ./config with -enable-weak-ssl-ciphers.

Is it something I am missing or some more options needs to be provided to ./config ?

Thanks
Satyam

On Mon, 26 Oct 2020 at 20:21, Dmitry Belyavsky <[hidden email]> wrote:
It has nothing to do with the ciphers command...

On Mon, Oct 26, 2020 at 5:18 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

>>Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
Yes, they are same

gdb openssl core.50178

GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...done.

[New LWP 50178]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `/usr/local/bin/openssl'.

Program terminated with signal 11, Segmentation fault.

#0  do_body (xret=0x7f2bc6a6dcf0, pkey=0x7ffddd58d888, x509=0x7f2bc6a7de80 <_dl_fini>, dgst=0x7f2bc6a8af5a, sigopts=0x0, policy=0xfffa320300000000, serial=0x7ffddd58f693, 

    subj=0x7ffddd58f6a6 "HOSTNAME=CentOS7", chtype=140728317048503, multirdn=-581372209, email_dn=-581372189, startdate=0x7ffddd58f6f3 "HISTSIZE=1000", 

    enddate=0x7ffddd58f701 "SSH_CLIENT=10.101.14.61 17471 22", days=140728317048610, batch=-581372099, verbose=-581372056, req=0x7ffddd58f77b, 

    ext_sect=0x7ffddd58f785 "LD_LIBRARY_PATH=/usr/local/lib64/", lconf=0x7ffddd58f7a7, certopt=140728317050463, nameopt=140728317050489, default_op=-581370182, 

    ext_copy=-581370137, selfsign=-581370120, db=<optimized out>, db=<optimized out>) at apps/ca.c:1410

1410         row[i] = NULL;



Thanks

Satyam



On Mon, 26 Oct 2020 at 19:34, Dmitry Belyavsky <[hidden email]> wrote:
Are the /usr/local/lib64/libssl.so.1.1 and /usr/local/lib64/libcrypto.so.1.1 the same libraries that were built by you?
If yes, you should try running via gdb to get a backtrace.

On Mon, Oct 26, 2020 at 4:54 PM Satyam Mehrotra <[hidden email]> wrote:
Dear Dmitry,

As suggested i have build the openssl with -ggdb  ( ./config -ggdb -enable-weak-ssl-ciphers ) and after building i did make install as well.

The strace output is as below
==============================

strace ./openssl


execve("./openssl", ["./openssl"], 0x7ffc8151b3d0 /* 27 vars */) = 0

brk(NULL)                               = 0x1b4f000

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046813000

access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)

open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3

fstat(3, {st_mode=S_IFREG|0644, st_size=35929, ...}) = 0

mmap(NULL, 35929, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f304680a000

close(3)                                = 0

open("/usr/local/lib64/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\24\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=742664, ...}) = 0

mmap(NULL, 2748352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3046354000

mprotect(0x7f30463e4000, 2097152, PROT_NONE) = 0

mmap(0x7f30465e4000, 61440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x90000) = 0x7f30465e4000

close(3)                                = 0

open("/usr/local/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0p\7\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=3397280, ...}) = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046809000

mmap(NULL, 5158840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045e68000

mprotect(0x7f3046122000, 2097152, PROT_NONE) = 0

mmap(0x7f3046322000, 188416, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2ba000) = 0x7f3046322000

mmap(0x7f3046350000, 14264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3046350000

close(3)                                = 0

open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\16\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=19248, ...}) = 0

mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045c64000

mprotect(0x7f3045c66000, 2097152, PROT_NONE) = 0

mmap(0x7f3045e66000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f3045e66000

close(3)                                = 0

open("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200m\0\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=142144, ...}) = 0

mmap(NULL, 2208904, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3045a48000

mprotect(0x7f3045a5f000, 2093056, PROT_NONE) = 0

mmap(0x7f3045c5e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f3045c5e000

mmap(0x7f3045c60000, 13448, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045c60000

close(3)                                = 0

open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3

read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832

fstat(3, {st_mode=S_IFREG|0755, st_size=2156240, ...}) = 0

mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f304567a000

mprotect(0x7f304583d000, 2097152, PROT_NONE) = 0

mmap(0x7f3045a3d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f3045a3d000

mmap(0x7f3045a43000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3045a43000

close(3)                                = 0

mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046808000

mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3046806000

arch_prctl(ARCH_SET_FS, 0x7f3046806740) = 0

mprotect(0x7f3045a3d000, 16384, PROT_READ) = 0

mprotect(0x7f3045c5e000, 4096, PROT_READ) = 0

mprotect(0x7f3045e66000, 4096, PROT_READ) = 0

mprotect(0x7f3046322000, 176128, PROT_READ) = 0

mprotect(0x7f30465e4000, 40960, PROT_READ) = 0

mprotect(0x692000, 4096, PROT_READ)     = 0

mprotect(0x7f3046814000, 4096, PROT_READ) = 0

munmap(0x7f304680a000, 35929)           = 0

set_tid_address(0x7f3046806a10)         = 47865

set_robust_list(0x7f3046806a20, 24)     = 0

rt_sigaction(SIGRTMIN, {sa_handler=0x7f3045a4e860, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigaction(SIGRT_1, {sa_handler=0x7f3045a4e8f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3045a57630}, NULL, 8) = 0

rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0

getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0

--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---

+++ killed by SIGSEGV (core dumped) +++

Segmentation fault



Thanks

Satyam




On Mon, 26 Oct 2020 at 17:50, Dmitry Belyavsky <[hidden email]> wrote:
Dear Satyam,

First of all, I'll suggest checking whether the libcrypto/libssl are those you've built. It can be done, e.g., via running strace.

I also suggest building openssl with -ggdb (./config -ggdb should do the trick).

On Mon, Oct 26, 2020 at 11:34 AM Satyam Mehrotra <[hidden email]> wrote:
Hi Dmitry,

>>If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

I try setting the LD_LIBRARY_PATH but it is still crashing

      which openssl

      /usr/local/bin/openssl


      export LD_LIBRARY_PATH=/usr/local/lib64/


      ls -lhrt

      total 11M

      drwxr-xr-x. 2 root root   61 Oct 25 16:27 pkgconfig

      -rwxr-xr-x. 1 root root 3.3M Oct 26 12:58 libcrypto.so.1.1

      -rwxr-xr-x. 1 root root 726K Oct 26 12:58 libssl.so.1.1

      -rw-r--r--. 1 root root 5.4M Oct 26 12:58 libcrypto.a

      -rw-r--r--. 1 root root 1.1M Oct 26 12:58 libssl.a

       lrwxrwxrwx. 1 root root   16 Oct 26 12:58 libcrypto.so -> libcrypto.so.1.1

       lrwxrwxrwx. 1 root root   13 Oct 26 12:58 libssl.so -> libssl.so.1.1

       drwxr-xr-x. 2 root root   39 Oct 26 12:58 engines-1.1



       openssl ciphers -V

       Segmentation fault


gdb ./openssl core.3370 


GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-119.el7

Copyright (C) 2013 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.  Type "show copying"

and "show warranty" for details.

This GDB was configured as "x86_64-redhat-linux-gnu".

For bug reporting instructions, please see:

<http://www.gnu.org/software/gdb/bugs/>...

Reading symbols from /home/openssl-1.1.1h/openssl-1.1.1h/apps/openssl...(no debugging symbols found)...done.

[New LWP 3370]

[Thread debugging using libthread_db enabled]

Using host libthread_db library "/lib64/libthread_db.so.1".

Core was generated by `openssl ciphers -V'.

Program terminated with signal 11, Segmentation fault.

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) bt

#0  0x000000000041c53d in do_body.isra.3 ()

(gdb) 




Thanks

Satyam




On Mon, 26 Oct 2020 at 12:16, Dmitry Belyavsky <[hidden email]> wrote:
If you have just built the openssl, try to set the LD_LIBRARY_PATH environment variable pointing to freshly built libcrypto/libssl

On Mon, Oct 26, 2020 at 9:33 AM Satyam Mehrotra <[hidden email]> wrote:
Hello,

Any Suggestions on how this can be done ?
why openssl binary is crashing if i am compiling it with -enable-weak-ssl-ciphers , also what is the location of the crash file.

Thanks
Satyam

On Sun, 25 Oct 2020 at 12:57, Satyam Mehrotra <[hidden email]> wrote:
Hello Everyone,

I have just joined the openssl users community. 
My requirement is to have the SSLv3 and weak ciphers enable  with openssl installation .
I have a query regarding enabling SSLv3 protocol and weak ciphers with openssl-1.1.1h installation

I have followed the below steps

1)  ./config -enable-weak-ssl-ciphers


2) The Makefile looks as below

===============================


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


##

## Makefile for OpenSSL

##

## WARNING: do not edit!

## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl


PLATFORM=linux-x86_64

OPTIONS=-enable-weak-ssl-ciphers no-asan no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ubsan no-unit-test no-zlib no-zlib-dynamic

CONFIGURE_ARGS=("linux-x86_64", "-enable-weak-ssl-ciphers")

SRCDIR=.

BLDDIR=.


VERSION=1.1.1h

MAJOR=1

MINOR=1.1

SHLIB_VERSION_NUMBER=1.1

SHLIB_VERSION_HISTORY=

SHLIB_MAJOR=1

SHLIB_MINOR=1

SHLIB_TARGET=linux-shared

SHLIB_EXT=.so.$(SHLIB_VERSION_NUMBER)

SHLIB_EXT_SIMPLE=.so

SHLIB_EXT_IMPORT=


LIBS=apps/libapps.a libcrypto.a libssl.a test/libtestutil.a

SHLIBS=libcrypto$(SHLIB_EXT) libssl$(SHLIB_EXT)

SHLIB_INFO=";" "libcrypto$(SHLIB_EXT);libcrypto$(SHLIB_EXT_SIMPLE)" "libssl$(SHLIB_EXT);libssl$(SHLIB_EXT_SIMPLE)" ";"

ENGINES=engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so

@                                                                   


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


if i do any openssl operations it gives error ( core dumped )


      ./openssl ciphers -V

       Segmentation fault (core dumped)


Can someone help me in resolving this issue ?


If i don't use option "-enable-weak-ssl-ciphers "  then the above issue is not seen but SSLv3 and weak ciphers do not get enable.


Thanks

Satyam



--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky


--
SY, Dmitry Belyavsky