Hi, I've been having some trouble with the linking of static versions of OpenSSL 1.0.1c causing breakage and I think it may be a bug. It works okay if:
1) I use OpenSSL 1.0.0j instead 2) I use the dynamic library instead 3) I compile and link using Centos 5 instead of Scientific Linux 6.3 The problem seems to be linking in particular because copying a compiled '.a' static archive from the Centos 5 machine and linking on the Scientific Linux 6.3 machine has the same effect. The problem manifests when calling the line: if (!PEM_write_bio_PKCS8PrivateKey(bo, epkey, EVP_des_ede3_cbc(), NULL, 0, 0, (void *)password)) I get: error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error from my program. I traced the failure back to crypto/evp/digest.c:250 in EVP_DigestUpdate where it calls ctx->update(ctx,data,count), after which I lose the program into a function pointer. It should pop out again in sha1_update as I understand it, but setting a breakpoint there didn't seem to do anything, and I have something that works now (by downgrading the library). As this seems to be dependent on the linking mainly, the gcc and ld versions are: -bash-4.1$ gcc -v Using built-in specs. Target: x86_64-redhat-linux Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla--enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux Thread model: posix gcc version 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) -bash-4.1$ ld -v GNU ld version 2.20.51.0.2-5.34.el6 20100205 the working ones from Centos 5 are: [root@localhost ~]# gcc -v Using built-in specs. Target: x86_64-redhat-linux Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-libgcj-multifile --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --disable-plugin --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --with-cpu=generic --host=x86_64-redhat-linux Thread model: posix gcc version 4.1.2 20080704 (Red Hat 4.1.2-52) [root@localhost ~]# ld -v GNU ld version 2.17.50.0.6-20.el5_8.3 20061020 Thanks Ben
Hi,
I've been having some trouble with the linking of static versions of OpenSSL 1.0.1c causing breakage and I think it may be a bug. It works okay if:
1) I use OpenSSL 1.0.0j instead
2) I use the dynamic library instead
3) I compile and link using Centos 5 instead of Scientific Linux 6.3
The problem seems to be linking in particular because copying a compiled '.a' static archive from the Centos 5 machine and linking on the Scientific Linux 6.3 machine has the same effect.
The problem manifests when calling the line:
if (!PEM_write_bio_PKCS8PrivateKey(bo, epkey, EVP_des_ede3_cbc(), NULL, 0, 0, (void *)password))
I get:
error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
from my program. I traced the failure back to crypto/evp/digest.c:250 in EVP_DigestUpdate where it calls ctx->update(ctx,data,count), after which I lose the program into a function pointer. It should pop out again in sha1_update as I understand it, but setting a breakpoint there didn't seem to do anything, and I have something that works now (by downgrading the library). As this seems to be dependent on the linking mainly, the gcc and ld versions are:
-bash-4.1$ gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC)
-bash-4.1$ ld -v
GNU ld version 2.20.51.0.2-5.34.el6 20100205
the working ones from Centos 5 are:
[root@localhost ~]# gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-libgcj-multifile --enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk --disable-dssi --disable-plugin --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --with-cpu=generic --host=x86_64-redhat-linux
Thread model: posix
gcc version 4.1.2 20080704 (Red Hat 4.1.2-52)
[root@localhost ~]# ld -v
GNU ld version 2.17.50.0.6-20.el5_8.3 20061020
Thanks
Ben
