RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
There
is a public function named SHA1_Update in netscape httpd itself (yes, I wasted
some time with this too!), and that function of course does not have same
parameters as the OpenSSL SHA1_Update.
Because you hardly have access to netscape's source
code, you have to bend over and rename the SHA1_Update function in OpenSSL to
something else - lots of files to update. Or link the OpenSSL crypto library
using -Wl,-Bsymbolic option. This should prevent the unix loader from resolving
calls from crypto library to netscape httpd's code (which in my opinion is a
really strange if not stupid feature of solaris/linux).
Jussi
Kohonen
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Steve BazylSent: Wednesday, June 14, 2000 6:21
AMTo: [EMAIL PROTECTED]Subject: RE: segfault
when using crypto library inside netscape plugin (Solaris
2.6/Sparc/openssl-0.9.5a)
One
more thing...I also tried adding lock callbacks to make sure its not a threadingproblem. Made no
difference (was getting lock requests asI should, and only from a single
thread as expected).
-Original
Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steve
BazylSent: Tuesday, June 13, 2000 7:41 PMTo:
[EMAIL PROTECTED]Subject: segfault when using crypto
library inside netscape plugin (Solaris
2.6/Sparc/openssl-0.9.5a)
We're having a
really strange problem with the openssl crypto library -- it keeps
segfaulting down in SHA1_Update when called from an NSAPI plugin (running in
NES 3.6).
I've tried
building the library with optimizations off and all that fun stuff, and have
run the test suite which it passes with flying colors. I've also
written various pieces of test code which drive the crypto lib with both
static and dynamic linking, all works fine. However, every time we run
it inside NES, it crashes.
I've reduced it
down to a simple piece of test code which promptly crashes the web server
when invoked.
#include stdio.h#include
stdlib.h#include string.h#include
time.h#include nsapi.h
NSAPI_PUBLIC intopenssl_test( pblock *param, Session *sn,
Request *rq ){ char seed[] = "somearbitrary data to seed the random
numbergenerator";
printf ( "seeding..." );
RAND_seed( seed, sizeof
seed- 1); //
Probably don't need the-1, butI'm getting paranoid
:) printf ( "done\n" ); return REQ_PROCEED;}
To build
(assuming you have openssl and netscape libs in appropriate
places...):
gcc -G -o
test_plugin.so test_plugin.c-lcrypto -lnsl -lsocket -DUNIX -DXP_UNIX
-D_REENTRANT
Add to the
server's obj.conf:
Init
fn="load-modules" funcs="openssl_test"
shlib="wherever_you_put_your_library"
Init
fn="openssl_test"
Interestingly,if I link against the old
SSLeay crypto library it works fine! (ok...I have an old binary, not
quite sure how it was built...maybe something in the build
options...probably not since all the tests pass fine?).
Any and all help
is greatly appreciated :)
RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
-Original Message- From: Jussi Kohonen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 14, 2000 2:30 AM There is a public function named SHA1_Update in netscape httpd itself (yes, I wasted some time with this too!), and that function of course does not have same parameters as the OpenSSL SHA1_Update. Because you hardly have access to netscape's source code, you have to bend over and rename the SHA1_Update function in OpenSSL to something else - lots of files to update. Or link the OpenSSL crypto library using -Wl,- Bsymbolic option. This should prevent the unix loader from resolving calls from crypto library to netscape httpd's code (which in my opinion is a really strange if not stupid feature of solaris/linux). Note that shared objects loaded by Netscape Application Server (NAS, the former Kiva product, not to be confused with NES) generally have to be linked with -Bsymbolic. It's probably a good practice to link OpenSSL with that option on Solaris if you plan to use it with any Netscape product. -Bsymbolic causes the linker to prebind references to their definitions if those definitions are already available in the dynamic object - eg. calls within OpenSSL to SHA1_Update will be prebound to OpenSSL's SHA1_Update. Without -Bsymbolic, calls in OpenSSL to SHA1_Update (or whatever) won't be bound until runtime, at which point they can latch onto the available function in NES. (If NES' SHA1_Update were scope-reduced to not be available via NSAPI, or if its linkage were "weak", then OpenSSL's definition could override NES' for OpenSSL's purpose. At least if I understand this stuff correctly. The subtleties of Solaris linking are mightily confusing.) -Bsymbolic isn't the default because it was added some time after the switch to SysV linking (with Solaris 2) and making it the default would have broken existing code; it interferes (slightly) with calling back from a loaded module into the loading program; and prebinding is a religious issue. (There was much wailing over AIX 3's prebinding of dynamic objects, particularly because the implementation of libc in 3.1 as a pretty much monolithic single shared object in an archive made it difficult to interpose malloc and other libc functions without understanding the vagaries of AIX linking. The moral, of course, is that you never know enough about how the linker and loader work.) Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
Thanks go to Jussi and Michael for pointing out the linker issue :)
Re: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
"Steve Bazyl" [EMAIL PROTECTED] writes:
[1 text/plain; iso-8859-1 (7bit)]
We're having a really strange problem with the openssl crypto library -- it
keeps segfaulting down in SHA1_Update when called from an NSAPI plugin
(running in NES 3.6).
I've tried building the library with optimizations off and all that fun
stuff, and have run the test suite which it passes with flying colors. I've
also written various pieces of test code which drive the crypto lib with
both static and dynamic linking, all works fine. However, every time we run
it inside NES, it crashes.
I've reduced it down to a simple piece of test code which promptly crashes
the web server when invoked.
#include stdio.h
#include stdlib.h
#include string.h
#include time.h
#include nsapi.h
NSAPI_PUBLIC int openssl_test( pblock *param, Session *sn, Request *rq )
{
char seed[] = "some arbitrary data to seed the random number generator";
printf ( "seeding..." );
RAND_seed( seed, sizeof seed - 1); // Probably don't need the -1, but I'm
getting paranoid :)
printf ( "done\n" );
return REQ_PROCEED;
}
Steve,
I'd guess the problem is that Netscape already has a SHA1_Update()
function and that you're getting that called instead of the
OpenSSL SHA1_Update() function.
I don't have an NES on hand, but Navigator certainly has a SHA1_Update()
function already.
As for why it worked with SSLeay? That's puzzling, I admit. Perhaps
the function name changed or was only recently exposed to dynamic
linkage or something.
Try #defining SHA1_Update() to something else in the OpenSSL build
and see if that fixes the problem.
-Ekr
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)
One
more thing...I also tried adding lock callbacks to make sure its not a threadingproblem. Made no
difference (was getting lock requests asI should, and only from a single
thread as expected).
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Steve BazylSent: Tuesday, June 13, 2000 7:41
PMTo: [EMAIL PROTECTED]Subject: segfault when
using crypto library inside netscape plugin (Solaris
2.6/Sparc/openssl-0.9.5a)
We're having a
really strange problem with the openssl crypto library -- it keeps segfaulting
down in SHA1_Update when called from an NSAPI plugin (running in NES
3.6).
I've tried
building the library with optimizations off and all that fun stuff, and have
run the test suite which it passes with flying colors. I've also written
various pieces of test code which drive the crypto lib with both static and
dynamic linking, all works fine. However, every time we run it inside
NES, it crashes.
I've reduced it
down to a simple piece of test code which promptly crashes the web server when
invoked.
#include stdio.h#include
stdlib.h#include string.h#include
time.h#include nsapi.h
NSAPI_PUBLIC intopenssl_test( pblock *param, Session *sn,
Request *rq ){ char seed[] = "somearbitrary data to seed the random
numbergenerator";
printf ( "seeding..." );
RAND_seed( seed, sizeof seed-
1); // Probably don't need the-1,
butI'm getting paranoid :) printf ( "done\n"
); return REQ_PROCEED;}
To build (assuming
you have openssl and netscape libs in appropriate
places...):
gcc -G -o
test_plugin.so test_plugin.c-lcrypto -lnsl -lsocket -DUNIX -DXP_UNIX
-D_REENTRANT
Add to the
server's obj.conf:
Init
fn="load-modules" funcs="openssl_test"
shlib="wherever_you_put_your_library"
Init
fn="openssl_test"
Interestingly,if I link against the old SSLeay
crypto library it works fine! (ok...I have an old binary, not quite sure
how it was built...maybe something in the build options...probably not since
all the tests pass fine?).
Any and all help
is greatly appreciated :)
