Random and rare Seg faults at openssl library level

Jan Just Keijser janjust at nikhef.nl
Tue Jan 12 10:21:03 UTC 2021


Hi,

On 07/01/21 23:53, Gimhani Uthpala wrote:
>
>
> On Thu, Jan 7, 2021 at 3:08 AM Ken Goldman <kgoldman at us.ibm.com 
> <mailto:kgoldman at us.ibm.com>> wrote:
>
>     On 1/6/2021 12:10 PM, Gimhani Uthpala wrote:
>
>     > I am getting seg-faults at openssl level. This only
>     occurred very randomly and the following are stacks that seg
>     faults  at openssl level in the given 2 cases. We are using
>     openssl 1.0.2k.
>
>     The usual cause is that you are compiling with one version of
>     openssl and (static or dynamic) linking with a different one.
>     The cause of that is typically that you have more than one version
>     of openssl installed.
>
>     If this is a 3rd party application, not one you're building, you
>     have to find out what version of openssl they expect.
>
>
>
> I only have this 1.0.2.k-fips one version installed in both compiling 
> and running machines. However, I am compiling the application in RH7.4 
> and running in RH7.8 linking to openssl library dynamically. I assume 
> no issue with that as I am using the same version of openssl in both.
>
actually - there could be an issue with that, as RedHat has this 
tendency to patch openssl between releases (mostly backporting security 
fixes from openssl 1.1.x to 1.0.2k).

Have you tried installing the debuginfo package for openssl so that the 
stacktrace will show you better info:
   debuginfo-install openssl-libs openssl

right now all you know is that the segfault occurs *somewhere* within 
ASN1_item_verify ()

HTH,

JJK

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210112/65592562/attachment.html>


More information about the openssl-users mailing list