编译过时的PHP会产生带有OpenSSL函数的核心转储. OpenSSL版本不匹配? [英] compiling outdated PHP yields core dump with OpenSSL functions. OpenSSL version mismatch?

问题描述

我使用以下./config选项编译了OpenSSL 0.9.8x:

I compiled OpenSSL 0.9.8x with these ./config options:

./config --prefix=/usr/local/openssl-0.9.8 --openssldir=/usr/local/openssl-0.9.8

我正在使用这些./configure选项(以及其他选项)来编译我的PHP版本:

I'm compiling my PHP version with these ./configure options (among others):

   --with-openssl=/usr/local/openssl-0.9.8
   --with-openssl-dir=/usr/local/openssl-0.9.8

问题在于，当我使用openssl_public_encrypt运行PHP脚本时，出现了分段错误.

The problem is that when I run a PHP script with openssl_public_encrypt I'm getting a segmentation fault.

这是gdb所说的:

Program terminated with signal 11, Segmentation fault.
#0  0x00007fd3381c5a48 in RSA_public_encrypt () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0

在/usr/local/openssl-0.9.8/lib/中有libcrypto.so.0.9.8，为什么不使用它?

In /usr/local/openssl-0.9.8/lib/ there's libcrypto.so.0.9.8 so why isn't it using that?

这是我的OpenSSL Makefile:

Here's my OpenSSL Makefile:

https://pastebin.com/0QSqLCr8

这是我的PHP Makefile:

Here's my PHP Makefile:

https://pastebin.com/dGmu0SYZ

这是一个复制问题的Dockefile:

Here's a Dockefile that reproduces the issue:

https://pastebin.com/ziZzvTh8

有什么想法吗?谢谢！

推荐答案

使用LD_LIBRARY_PATH通常可以解决问题，但在这种情况下不适合您.

Use LD_LIBRARY_PATH will fix the problem in general, but not for yours in this case.

我已根据您的Dockerfile进行了改写，以修复segfault.

I have rewritten the Dockerfile based on yours in order to fix the segfault.

1. 在PHP的配置阶段删除--disable-rpath和--libdir参数.

我们使用rpath在运行时定位共享对象，以在/usr/local/openssl-0.9.8x上自定义构建openssl.

We use rpath to locate shared objects at runtime for custom build openssl on /usr/local/openssl-0.9.8x.

请参见 https://linux.die.net/man/1中的选项-rpath=dir /ld

See option -rpath=dir from https://linux.die.net/man/1/ld

将目录添加到运行时库搜索路径.在将ELF可执行文件与共享库链接时使用.所有-rpath参数都被串联并传递到运行时链接程序，该链接程序使用它们在运行时定位共享对象.在查找链接中明确包含的共享对象所需的共享对象时，也使用-rpath选项

Add a directory to the runtime library search path. This is used when linking an ELF executable with shared objects. All -rpath arguments are concatenated and passed to the runtime linker, which uses them to locate shared objects at runtime. The -rpath option is also used when locating shared objects which are needed by shared objects explicitly included in the link

在OpenSSL的配置脚本中添加shared选项

构建共享库(libcrypto.so.0.9.8和libssl.so.0.9.8)

To build share libraries (libcrypto.so.0.9.8 and libssl.so.0.9.8)

仅在/usr/kerberos/lib中链接kerberos库

Link kerberos libraries only in /usr/kerberos/lib

不是将所有库从/usr/lib/x86_64-linux-gnu链接到/usr/kerberos/lib，而是运行时搜索路径的顺序为/usr/kerberos/lib:/usr/local/openssl-0.9.8/lib

Instead of linking all libraries from /usr/lib/x86_64-linux-gnu to /usr/kerberos/lib, The ordering of runtime search path is /usr/kerberos/lib:/usr/local/openssl-0.9.8/lib

这是更改

# https://pastebin.com/ziZzvTh8
--- ziZzvTh8.txt    2019-10-08 10:31:33.229217226 +0800
+++ Dockerfile   2019-10-08 12:07:03.271948150 +0800
@@ -8,7 +8,7 @@
     && wget --no-check-certificate http://www.openssl.org/source/openssl-0.9.8x.tar.gz \
     && tar xvfz openssl-0.9.8x.tar.gz \
     && cd openssl-0.9.8x \
-    && ./config --prefix=/usr/local/openssl-0.9.8 \
+    && ./config shared --prefix=/usr/local/openssl-0.9.8 \
     && make \
     && make install

@@ -23,7 +23,8 @@
     && ln -s /usr/lib/x86_64-linux-gnu/libexpat.so /usr/lib/ \
     && ln -s /usr/lib/x86_64-linux-gnu/libmysqlclient.so /usr/lib/libmysqlclient.so \
     && mkdir /usr/kerberos \
-    && ln -s /usr/lib/x86_64-linux-gnu /usr/kerberos/lib
+    && ln -s /usr/lib/x86_64-linux-gnu/mit-krb5 /usr/kerberos/lib
+

 RUN apt-get build-dep -y php5

@@ -43,7 +44,6 @@
        --with-zlib \
        --with-gd \
        --with-pgsql \
-       --disable-rpath \
        --enable-inline-optimization \
        --with-bz2 \
        --with-zlib \
@@ -62,7 +62,6 @@
        --enable-gd-native-ttf \
        --with-openssl=/usr/local/openssl-0.9.8 \
        --with-openssl-dir=/usr/local/openssl-0.9.8 \
-       --with-libdir=/lib/x86_64-linux-gnu \
        --enable-ftp \
        --with-imap \
        --with-imap-ssl \
@@ -72,4 +71,6 @@
      && make \
      && make install-cli

+ADD test.php /root/test.php
+
 CMD ["bash"]

test.php

<?php

$key = <<<EOF
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHzD76i8DA25nC+Qsswi
OM0lW+gViiQD4tEm7suxBc2BGibtdlrsprVIId92hSjQKx4x8+XVWU6k89T5vy8Y
txpXN759OWdGkDi8uvZuYclMjW9Rao+oqSvbXH37R7oSY287I+6uOHclGhniQN3q
RyoXBkbhDk0/FTI/i549q/gGk1UZYv449KLrDOqmtohRcIyAYVnvvWtD1kIzourq
hMtEIrPqwoBqTaUA9kOIXw1jMovao2TN52j48KgOg9KjqtdwUwD9e6n7hJd/subF
6woc8L7zjJFOHH5gacUC7vtiMpBpnSyLQpjFLepYYwftjsRmg4xLdh+Zvgw3xqi4
lwIDAQAB
-----END PUBLIC KEY-----
EOF;

var_dump(openssl_public_encrypt($data, $crypted, $key));
var_dump($crypted);

结果

root@7c5df089bcb0:/# php -v
PHP 4.4.9 (cli) (built: Oct  8 2019 04:09:29)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies

root@7c5df089bcb0:/# php -i | grep OpenSSL
CURL Information => libcurl/7.26.0 OpenSSL/0.9.8x zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
OpenSSL support => enabled
OpenSSL Version => OpenSSL 0.9.8x 10 May 2012

root@7c5df089bcb0:/# php /root/test.php
bool(true)
string(256) "W`r�b��e��',뱌Zł^�$�֗��S����w�j�د<������� �)<��j��JL(f@�A���5_S�X=g-?0M�(�d�����+���     �nD*gzË��ڞc'�\'͗�'vnmo�G�Bv�
#~�y D!��lb�t^���| )[za��5���y�G{�\�"

root@7c5df089bcb0:/# ldd `which php` | egrep 'libssl|libcrypto'
        libssl.so.0.9.8 => /usr/local/openssl-0.9.8/lib/libssl.so.0.9.8 (0x00007efe86da1000)
        libcrypto.so.0.9.8 => /usr/local/openssl-0.9.8/lib/libcrypto.so.0.9.8 (0x00007efe86a0b000)
        libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007efe8401b000)
        libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007efe83c21000)

root@7c5df089bcb0:/# objdump -p `which php` | grep RPATH
  RPATH                /usr/lib/x86_64-linux-gnu:/usr/kerberos/lib:/usr/local/openssl-0.9.8/lib

这篇关于编译过时的PHP会产生带有OpenSSL函数的核心转储. OpenSSL版本不匹配?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！