RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
There is a public function named SHA1_Update in netscape httpd itself (yes, I wasted some time with this too!), and that function of course does not have same parameters as the OpenSSL SHA1_Update. Because you hardly have access to netscape's source code, you have to bend over and rename the SHA1_Update function in OpenSSL to something else - lots of files to update. Or link the OpenSSL crypto library using -Wl,-Bsymbolic option. This should prevent the unix loader from resolving calls from crypto library to netscape httpd's code (which in my opinion is a really strange if not stupid feature of solaris/linux). Jussi Kohonen -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve BazylSent: Wednesday, June 14, 2000 6:21 AMTo: [EMAIL PROTECTED]Subject: RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a) One more thing...I also tried adding lock callbacks to make sure its not a threadingproblem. Made no difference (was getting lock requests asI should, and only from a single thread as expected). -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve BazylSent: Tuesday, June 13, 2000 7:41 PMTo: [EMAIL PROTECTED]Subject: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a) We're having a really strange problem with the openssl crypto library -- it keeps segfaulting down in SHA1_Update when called from an NSAPI plugin (running in NES 3.6). I've tried building the library with optimizations off and all that fun stuff, and have run the test suite which it passes with flying colors. I've also written various pieces of test code which drive the crypto lib with both static and dynamic linking, all works fine. However, every time we run it inside NES, it crashes. I've reduced it down to a simple piece of test code which promptly crashes the web server when invoked. #include stdio.h#include stdlib.h#include string.h#include time.h#include nsapi.h NSAPI_PUBLIC intopenssl_test( pblock *param, Session *sn, Request *rq ){ char seed[] = "somearbitrary data to seed the random numbergenerator"; printf ( "seeding..." ); RAND_seed( seed, sizeof seed- 1); // Probably don't need the-1, butI'm getting paranoid :) printf ( "done\n" ); return REQ_PROCEED;} To build (assuming you have openssl and netscape libs in appropriate places...): gcc -G -o test_plugin.so test_plugin.c-lcrypto -lnsl -lsocket -DUNIX -DXP_UNIX -D_REENTRANT Add to the server's obj.conf: Init fn="load-modules" funcs="openssl_test" shlib="wherever_you_put_your_library" Init fn="openssl_test" Interestingly,if I link against the old SSLeay crypto library it works fine! (ok...I have an old binary, not quite sure how it was built...maybe something in the build options...probably not since all the tests pass fine?). Any and all help is greatly appreciated :)
RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
-Original Message- From: Jussi Kohonen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 14, 2000 2:30 AM There is a public function named SHA1_Update in netscape httpd itself (yes, I wasted some time with this too!), and that function of course does not have same parameters as the OpenSSL SHA1_Update. Because you hardly have access to netscape's source code, you have to bend over and rename the SHA1_Update function in OpenSSL to something else - lots of files to update. Or link the OpenSSL crypto library using -Wl,- Bsymbolic option. This should prevent the unix loader from resolving calls from crypto library to netscape httpd's code (which in my opinion is a really strange if not stupid feature of solaris/linux). Note that shared objects loaded by Netscape Application Server (NAS, the former Kiva product, not to be confused with NES) generally have to be linked with -Bsymbolic. It's probably a good practice to link OpenSSL with that option on Solaris if you plan to use it with any Netscape product. -Bsymbolic causes the linker to prebind references to their definitions if those definitions are already available in the dynamic object - eg. calls within OpenSSL to SHA1_Update will be prebound to OpenSSL's SHA1_Update. Without -Bsymbolic, calls in OpenSSL to SHA1_Update (or whatever) won't be bound until runtime, at which point they can latch onto the available function in NES. (If NES' SHA1_Update were scope-reduced to not be available via NSAPI, or if its linkage were "weak", then OpenSSL's definition could override NES' for OpenSSL's purpose. At least if I understand this stuff correctly. The subtleties of Solaris linking are mightily confusing.) -Bsymbolic isn't the default because it was added some time after the switch to SysV linking (with Solaris 2) and making it the default would have broken existing code; it interferes (slightly) with calling back from a loaded module into the loading program; and prebinding is a religious issue. (There was much wailing over AIX 3's prebinding of dynamic objects, particularly because the implementation of libc in 3.1 as a pretty much monolithic single shared object in an archive made it difficult to interpose malloc and other libc functions without understanding the vagaries of AIX linking. The moral, of course, is that you never know enough about how the linker and loader work.) Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
Thanks go to Jussi and Michael for pointing out the linker issue :)
Re: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
"Steve Bazyl" [EMAIL PROTECTED] writes: [1 text/plain; iso-8859-1 (7bit)] We're having a really strange problem with the openssl crypto library -- it keeps segfaulting down in SHA1_Update when called from an NSAPI plugin (running in NES 3.6). I've tried building the library with optimizations off and all that fun stuff, and have run the test suite which it passes with flying colors. I've also written various pieces of test code which drive the crypto lib with both static and dynamic linking, all works fine. However, every time we run it inside NES, it crashes. I've reduced it down to a simple piece of test code which promptly crashes the web server when invoked. #include stdio.h #include stdlib.h #include string.h #include time.h #include nsapi.h NSAPI_PUBLIC int openssl_test( pblock *param, Session *sn, Request *rq ) { char seed[] = "some arbitrary data to seed the random number generator"; printf ( "seeding..." ); RAND_seed( seed, sizeof seed - 1); // Probably don't need the -1, but I'm getting paranoid :) printf ( "done\n" ); return REQ_PROCEED; } Steve, I'd guess the problem is that Netscape already has a SHA1_Update() function and that you're getting that called instead of the OpenSSL SHA1_Update() function. I don't have an NES on hand, but Navigator certainly has a SHA1_Update() function already. As for why it worked with SSLeay? That's puzzling, I admit. Perhaps the function name changed or was only recently exposed to dynamic linkage or something. Try #defining SHA1_Update() to something else in the OpenSSL build and see if that fixes the problem. -Ekr __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
One more thing...I also tried adding lock callbacks to make sure its not a threadingproblem. Made no difference (was getting lock requests asI should, and only from a single thread as expected). -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve BazylSent: Tuesday, June 13, 2000 7:41 PMTo: [EMAIL PROTECTED]Subject: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a) We're having a really strange problem with the openssl crypto library -- it keeps segfaulting down in SHA1_Update when called from an NSAPI plugin (running in NES 3.6). I've tried building the library with optimizations off and all that fun stuff, and have run the test suite which it passes with flying colors. I've also written various pieces of test code which drive the crypto lib with both static and dynamic linking, all works fine. However, every time we run it inside NES, it crashes. I've reduced it down to a simple piece of test code which promptly crashes the web server when invoked. #include stdio.h#include stdlib.h#include string.h#include time.h#include nsapi.h NSAPI_PUBLIC intopenssl_test( pblock *param, Session *sn, Request *rq ){ char seed[] = "somearbitrary data to seed the random numbergenerator"; printf ( "seeding..." ); RAND_seed( seed, sizeof seed- 1); // Probably don't need the-1, butI'm getting paranoid :) printf ( "done\n" ); return REQ_PROCEED;} To build (assuming you have openssl and netscape libs in appropriate places...): gcc -G -o test_plugin.so test_plugin.c-lcrypto -lnsl -lsocket -DUNIX -DXP_UNIX -D_REENTRANT Add to the server's obj.conf: Init fn="load-modules" funcs="openssl_test" shlib="wherever_you_put_your_library" Init fn="openssl_test" Interestingly,if I link against the old SSLeay crypto library it works fine! (ok...I have an old binary, not quite sure how it was built...maybe something in the build options...probably not since all the tests pass fine?). Any and all help is greatly appreciated :)