Bug in EVP_DigestFinal_ex() in version 1.0.0d?

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug in EVP_DigestFinal_ex() in version 1.0.0d?

Erwin Himawan
Hi All,

I am trying out the example in this http://www.openssl.org/docs/crypto/EVP_DigestInit.html.

When I build this example using ver 1.0.0d, the example crashes at EVP_DigestFinal_ex.
When I build this example using previous version , the example works as expected.

Any thoughts or comments whether the issue associated with EVP_DigestFinal_ex is specific to this example or has broader impact?

Thanks,
Erwin
Reply | Threaded
Open this post in threaded view
|

Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

Victor Duchovni
On Mon, Jun 06, 2011 at 03:18:12PM -0500, Erwin Himawan wrote:

> I am trying out the example in this
> http://www.openssl.org/docs/crypto/EVP_DigestInit.html.
>
> When I build this example using ver 1.0.0d, the example crashes at E
> VP_DigestFinal_ex. When I build this example using previous version,
> the example works as expected.

You may have a mixed compilation environment, with headers, compile-time
libraries and run-time libraries coming from different OpenSSL versions.

> Any thoughts or comments whether the issue associated with EVP_DigestFinal_ex
> is specific to this example or has broader impact?

You have not detailed any issues, so no response is possible. To properly
describe the issue, you need to specify the platform, the path to the
OpenSSL headers included during compilation, the path to the libraries
using when the application was linked, and the path to the run-time
libraries found when the application is started and the versions of
OpenSSL associated with each. A debugger stack strace for the crash,
the sizes of relevant structures, ...

FWIW, the example compiles and runs fine with OpenSSL 1.0.0d on x86_64
RHEL 4.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

Erwin Himawan
Thanks for the response.  It is my bad not to include the necessary detail.
I guess, your answer indicating that this example compiles and runs fine is sufficient.
Furthermore, I your other questions are also valuable for me to make sure my IDE is setup properly.

In the mean time, here is my environment.

I am using Netbean 7.0 for my IDE.
I am using cygwin: CYGWIN_NT-5.1 1.7.9(0.237/5/3) 2011-03-29 10:10 i686

My host platform is WindowXP 32 bit.
I am building the openssl ver 1.0.0d using the cygwin.
The path to the OpenSSL headers included during compilation: C:/cygwin//usr/local/ssl/include/openssl
The path to the libraries using when the application was linked (linker configuration): c:/cygwin/usr/local/ssl/lib
   I am using libcrypto.a and libssl.a 
The path to the run-time: I am running the executable within the IDE, so I believe the IDE uses the same  lib defined in the linker configuration).






On Mon, Jun 6, 2011 at 4:10 PM, Victor Duchovni <[hidden email]> wrote:
On Mon, Jun 06, 2011 at 03:18:12PM -0500, Erwin Himawan wrote:

> I am trying out the example in this
> http://www.openssl.org/docs/crypto/EVP_DigestInit.html.
>
> When I build this example using ver 1.0.0d, the example crashes at E
> VP_DigestFinal_ex. When I build this example using previous version,
> the example works as expected.

You may have a mixed compilation environment, with headers, compile-time
libraries and run-time libraries coming from different OpenSSL versions.

> Any thoughts or comments whether the issue associated with EVP_DigestFinal_ex
> is specific to this example or has broader impact?

You have not detailed any issues, so no response is possible. To properly
describe the issue, you need to specify the platform, the path to the
OpenSSL headers included during compilation, the path to the libraries
using when the application was linked, and the path to the run-time
libraries found when the application is started and the versions of
OpenSSL associated with each. A debugger stack strace for the crash,
the sizes of relevant structures, ...

FWIW, the example compiles and runs fine with OpenSSL 1.0.0d on x86_64
RHEL 4.

--
       Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

Victor Duchovni
On Mon, Jun 06, 2011 at 06:22:53PM -0500, Erwin Himawan wrote:

> I am using Netbean 7.0 for my IDE.
> I am using cygwin: CYGWIN_NT-5.1 1.7.9(0.237/5/3) 2011-03-29 10:10 i686
>
> My host platform is WindowXP 32 bit.
> I am building the openssl ver 1.0.0d using the cygwin.
> The path to the OpenSSL headers included during compilation:
> C:/cygwin//usr/local/ssl/include/openssl

Can you demonstrate that the headers used are the 1.0.0d version? For
example, print the values of the compile-time OpenSSL version macro.
(OPENSSL_VERSION_NUMBER).

> The path to the libraries using when the application was linked (linker
> configuration): c:/cygwin/usr/local/ssl/lib
>    I am using libcrypto.a and libssl.a
> The path to the run-time: I am running the executable within the IDE, so I
> believe the IDE uses the same  lib defined in the linker configuration).

Can you demonstrate that the libraries are the 1.0.0d version? For
example, print the value of the run-time OpenSSL version (SSLeay()).

Can you post the stack strace from the crash and identify the data
structures involved, ...

Most likely your compilation environment is mixed.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

Erwin Himawan
Hi Victor,

If I understand these printout correctly, my compilation environment is mixed.  However, can you confirm?

When the code crashes, here are the print outs:

OPENSSL_VERSION_NUMBER: 9470255

SSLeay(): 268435535

When the code does not crash, here are the print outs:

OPENSSL_VERSION_NUMBER: 9470255

SSLeay(): 9470255


Do the OPENSSL_VERSION_NUMBER and SSLeay() supposed to be the same?


Thanks,

Erwin


On Mon, Jun 6, 2011 at 7:52 PM, Victor Duchovni <[hidden email]> wrote:
On Mon, Jun 06, 2011 at 06:22:53PM -0500, Erwin Himawan wrote:

> I am using Netbean 7.0 for my IDE.
> I am using cygwin: CYGWIN_NT-5.1 1.7.9(0.237/5/3) 2011-03-29 10:10 i686
>
> My host platform is WindowXP 32 bit.
> I am building the openssl ver 1.0.0d using the cygwin.
> The path to the OpenSSL headers included during compilation:
> C:/cygwin//usr/local/ssl/include/openssl

Can you demonstrate that the headers used are the 1.0.0d version? For
example, print the values of the compile-time OpenSSL version macro.
(OPENSSL_VERSION_NUMBER).

> The path to the libraries using when the application was linked (linker
> configuration): c:/cygwin/usr/local/ssl/lib
>    I am using libcrypto.a and libssl.a
> The path to the run-time: I am running the executable within the IDE, so I
> believe the IDE uses the same  lib defined in the linker configuration).

Can you demonstrate that the libraries are the 1.0.0d version? For
example, print the value of the run-time OpenSSL version (SSLeay()).

Can you post the stack strace from the crash and identify the data
structures involved, ...

Most likely your compilation environment is mixed.

--
       Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

Victor Duchovni
On Tue, Jun 07, 2011 at 10:05:19AM -0500, Erwin Himawan wrote:

> Hi Victor,
>
> If I understand these printout correctly, my compilation environment is
> mixed.  However, can you confirm?
>
> When the code crashes, here are the print outs:
>
> OPENSSL_VERSION_NUMBER: 9470255

    Converted to hexadecimal, this is: 0090812F, which is 0.9.8l

> SSLeay(): 268435535

    Converted to hexadecimal, this is: 1000004F, which is 1.0.0d

> When the code does not crash, here are the print outs:
>
> OPENSSL_VERSION_NUMBER: 9470255
>
> SSLeay(): 9470255

Here, both the headers and libraries are 0.9.8l

> Do the OPENSSL_VERSION_NUMBER and SSLeay() supposed to be the same?

Certainly on the platform where the code is built, later the run-time
can be at a higher patch level. You are linking with OpenSSL 1.0.0,
but using headers from OpenSSL 0.9.8. This won't work.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

Erwin Himawan
Viktor,

Thanks for your help.  Once I fix my compilation environment, everything works ok.

Thanks again.

Regards,
Erwin


On Tue, Jun 7, 2011 at 10:22 AM, Victor Duchovni <[hidden email]> wrote:
On Tue, Jun 07, 2011 at 10:05:19AM -0500, Erwin Himawan wrote:

> Hi Victor,
>
> If I understand these printout correctly, my compilation environment is
> mixed.  However, can you confirm?
>
> When the code crashes, here are the print outs:
>
> OPENSSL_VERSION_NUMBER: 9470255

   Converted to hexadecimal, this is: 0090812F, which is 0.9.8l

> SSLeay(): 268435535

   Converted to hexadecimal, this is: 1000004F, which is 1.0.0d

> When the code does not crash, here are the print outs:
>
> OPENSSL_VERSION_NUMBER: 9470255
>
> SSLeay(): 9470255

Here, both the headers and libraries are 0.9.8l

> Do the OPENSSL_VERSION_NUMBER and SSLeay() supposed to be the same?

Certainly on the platform where the code is built, later the run-time
can be at a higher patch level. You are linking with OpenSSL 1.0.0,
but using headers from OpenSSL 0.9.8. This won't work.

--
       Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Bug in EVP_DigestFinal_ex() in version 1.0.0d?

Victor Duchovni
On Tue, Jun 07, 2011 at 10:42:54AM -0500, Erwin Himawan wrote:

> Thanks for your help.  Once I fix my compilation environment, everything
> works ok.

Glad it works for you.

> > > When the code crashes, here are the print outs:
> > >
> > > OPENSSL_VERSION_NUMBER: 9470255
> >
> >     Converted to hexadecimal, this is: 0090812F, which is 0.9.8l

Minor correction, 12 hex is of course 18 decimal, so it was "0.9.8r"
not "0.9.8l".

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]