Bug 210859 - security/openssl: Enabled ASM flag lead to shell environment corruption
Summary: security/openssl: Enabled ASM flag lead to shell environment corruption
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Dirk Meyer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-05 22:25 UTC by iron.udjin
Modified: 2016-09-19 10:32 UTC (History)
1 user (show)

See Also:
dinoex: maintainer-feedback+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description iron.udjin 2016-07-05 22:25:04 UTC 
Hello,

I use FreeBSD 10-STABLE. When security/openssl built with ASM flag enabled, it lead to random segfaults in each application which linked with libcrypto.so or libssl.so. At least dovecot2, exim, uwsgi, php5-openssl.

For example "git" which linked with /usr/local/lib/libcrypto.so.8:

openssl-1.0.2_14 with ASM flag enabled:
# git pull
git-remote-https: environment corrupt; missing value for SUDO_GID
error: Could not set GIT_DIR to '.git'
git-remote-https: environment corrupt; missing value for SUDO_GID
Already up-to-date.

openssl-1.0.2_14 without ASM flag enabled:
# git pull
Already up-to-date.

uwsgi won't start with the similar error. 
exim segfaults when starting child process of mail delivery.

Thank you!
Comment 1 Dirk Meyer freebsd_committer freebsd_triage 2016-07-19 11:53:40 UTC 
unable to reproduce on FreeBSD 10.3 amd64

Make sure after changing options to have
old openssl ports deinstalled and rebuild clean:

cd /usr/ports/security/openssl && make clean all test
[...]
OpenSSL 1.0.2h  3 May 2016
built on: reproducible build, date unspecified
platform: BSD-x86_64
options:  bn(64,64) md2(int) rc4(8x,char) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: cc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -O2 -pipe  -g -fstack-protector -fno-strict-aliasing -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/local/openssl"

Please rebuild the apps using this, and see is the problem vanish.
Comment 2 iron.udjin 2016-07-22 22:50:42 UTC 
(In reply to Dirk Meyer from comment #1)

I ran: cd /usr/ports/security/openssl && make clean all test
...but the problem still exisis.

uwsgi failes to start. In log file I see:
!!! uWSGI process 52102 got Segmentation Fault !!!

I'm trying to understand why uwsgi process doesn't create core dump when it segfaults.

Coredumps are enabled:

# sysctl -a | grep core
kern.corefile: /var/tmp/%U.%N.core
kern.nodump_coredump: 1
kern.coredump: 1
kern.capmode_coredump: 1
kern.sugid_coredump: 1
kern.coredump_pack_vmmapinfo: 1
kern.coredump_pack_fileinfo: 1
debug.ncores: 5
debug.elf32_legacy_coredump: 1
debug.elf64_legacy_coredump: 1
Comment 3 Dirk Meyer freebsd_committer freebsd_triage 2016-08-28 16:24:50 UTC 
upstream the asm option is no longer supported for amd64

The options was now removed from the port.
Comment 4 Franco Fichtner 2016-09-19 10:32:02 UTC 
It looks like the following happened:

Build with non-ASM ports OpenSSL indirectly via e.g. git.

User trying out OpenSSL ASM option, breaking ABI.

User reverting to non-ASM option, ABI restored.

It's likely that this isn't a bug.