For a library with as many vulnerabilities as OpenSSL, I’m surprised macOS keeps such an ancient version! It’s not like they ship a trimmed down and audited version of LibreSSL, either.

On Thu, Aug 27, 2020 at 20:19 Gary Gregory <garydgreg...@gmail.com> wrote:

> The issue for me is that it was a PITA to override macos' baked in
> (ancient) LibreSSL.
>
> Gary
>
> On Thu, Aug 27, 2020, 20:03 Alex Remily <alex.rem...@gmail.com> wrote:
>
> > Interesting. If I understand correctly, you did get it to run
> > successfully to completion, but only after placing a compatible
> > libcrypto in the directory of execution, probably the first place
> > dlopen looks for it. Would you agree then that the error was caused
> > by loading an incompatible libcrypto? I'm inclined to think this is a
> > configuration issue that should be well documented, as opposed to one
> > that should be addressed through code. Like you, I also tried setting
> > the LD_LIBRARY_PATH environment variable with no success. I was able
> > to symlink the libcrypto in the usr/local/lib directory, though, which
> > fixed the issue, but I agree this is a limitation. A user should be
> > able to run more than one instance of libcrypto on the same host. I'm
> > unsure as to the best way to proceed.
> >
> > On Thu, Aug 27, 2020 at 6:41 PM Gary Gregory <garydgreg...@gmail.com>
> > wrote:
> >
> > > On Mon, Aug 24, 2020 at 7:28 PM Alex Remily <alex.rem...@gmail.com>
> > > wrote:
> > >
> > > > Gary,
> > > >
> > > > Can you check that your libcrypto.dylib is symlinked to the libcrypto
> > > > for OpenSSL 1.1.1.g? Mine wasn't, and I was getting different output
> > > > from the main function than from the unit test output. I'm not
> > > > confident that this is the root of the problem, but it may at least
> > > > eliminate a possibility.
> > > >
> > > > On my machine I had to set /usr/local/lib/libcrypto.dylib -->
> > > > /usr/local/Cellar/openssl@1.1/1.1.1g/lib/libcrypto.1.1.dylib. The JNI
> > > > libraries use dlopen to find and load libcrypto, and dlopen looks for
> > >
> > > That did not work for me. The only thing that works is copying the dylib
> > > file to the current dir. Hack!
> > >
> > > Gary
> > >
> > > > it in /usr/local/lib/, among other places.
> > > >
> > > > https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dlopen.3.html
> > > >
> > > > If that doesn't work I'm going to need to step through the code. My
> > > > output:
> > > >
> > > > WARNING in native method: JNI call made without checking exceptions
> > > > when required to from CallStaticObjectMethod
> > > > WARNING in native method: JNI call made without checking exceptions
> > > > when required to from CallObjectMethod
> > > > Apache Commons Crypto 1.1.0-SNAPSHOT
> > > > Native code loaded OK 1.1.0-SNAPSHOT
> > > > Native Name Apache Commons Crypto
> > > > Native Built Aug 24 2020
> > > > OpenSSL library loaded OK, version: 0x1010107f
> > > > OpenSSL library info OpenSSL 1.1.1g 21 Apr 2020
> > > > Random instance created OK
> > > > Cipher instance created OK
> > > > Additional OpenSSL_version(n) details:
> > > > 1: compiler: clang -fPIC -arch x86_64 -O3 -Wall -DL_ENDIAN
> > > > -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2
> > > > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
> > > > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM
> > > > -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
> > > > -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG
> > > > 2: built on: Tue Apr 21 13:29:43 2020 UTC
> > > > 3: platform: darwin64-x86_64-cc
> > > > 4: OPENSSLDIR: "/usr/local/etc/openssl@1.1"
> > > > 5: ENGINESDIR: "/usr/local/Cellar/openssl@1.1/1.1.1g/lib/engines-1.1"
> > > >
> > > > Alex
> > > >
> > > > On Sun, Aug 23, 2020 at 9:50 PM Gary Gregory <garydgreg...@gmail.com>
> > > > wrote:
> > > >
> > > > > I do have LibreSSL but I used homebrew to install OpenSSL 1.1.1g
> > > > > which I put first on the PATH. Maybe something is off in my setup...
> > > > >
> > > > > Gary
> > > > >
> > > > > On Sun, Aug 23, 2020, 21:46 Alex Remily <alex.rem...@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Gary,
> > > > > >
> > > > > > I'll have a look. I did the 1.1 support stuff and I'm familiar with
> > > > > > that class and that error, although I don't recall seeing that
> > > > > > specific error in that class. The JNI libraries check the OpenSSL
> > > > > > version at runtime, but maybe a compile time dependency got through.
> > > > > >
> > > > > > Out of curiosity, I assume you also have LibreSSL installed? I have
> > > > > > run into issues on my Mac with which libcrypto gets loaded by the JNI
> > > > > > libraries during the dlsym. I wonder if the runtime is referring to
> > > > > > one version and the JNI library is loading another.
> > > > > >
> > > > > > Anyway, I'll poke around and see what I can figure out. I'll try to
> > > > > > get to it with the rest of the testing this week.
> > > > > >
> > > > > > Alex
> > > > > >
> > > > > > On Sun, Aug 23, 2020 at 11:18 AM Gary Gregory
> > > > > > <garydgreg...@gmail.com> wrote:
> > > > > >
> > > > > > > I'm wondering if anyone can confirm the following issue and/or help
> > > > > > > explain it, on MacOS 10.15.6 with OpenSSL 1.1.1g, running:
> > > > > > >
> > > > > > > mvn package
> > > > > > >
> > > > > > > then:
> > > > > > >
> > > > > > > java -Xdiag -Xcheck:jni -cp target/classes
> > > > > > > -Dcommons.crypto.lib.tempdir=target/ org.apache.commons.crypto.Crypto
> > > > > > > WARNING in native method: JNI call made without checking exceptions
> > > > > > > when required to from CallStaticObjectMethod
> > > > > > > WARNING in native method: JNI call made without checking exceptions
> > > > > > > when required to from CallObjectMethod
> > > > > > > Apache Commons Crypto 1.1.0-SNAPSHOT
> > > > > > > Native code loaded OK: 1.1.0-SNAPSHOT
> > > > > > > Native name: Apache Commons Crypto
> > > > > > > Native built: Aug 22 2020
> > > > > > > Exception in thread "main" java.lang.UnsatisfiedLinkError:
> > > > > > > OpenSSL_version
> > > > > > > at org.apache.commons.crypto.OpenSslInfoNative.OpenSSL(Native Method)
> > > > > > > at org.apache.commons.crypto.Crypto.main(Crypto.java:144)
> > > > > > >
> > > > > > > I wonder if we have issues on 1.1.x vs 1.0.x.
> > > > > > >
> > > > > > > My versions:
> > > > > > >
> > > > > > > openssl version
> > > > > > > OpenSSL 1.1.1g 21 Apr 2020
> > > > > > >
> > > > > > > mvn -version
> > > > > > > Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
> > > > > > > Maven home: /opt/apache-maven-3.6.3
> > > > > > > Java version: 1.8.0_265, vendor: AdoptOpenJDK, runtime:
> > > > > > > /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre
> > > > > > > Default locale: en_US, platform encoding: UTF-8
> > > > > > > OS name: "mac os x", version: "10.15.6", arch: "x86_64", family: "mac"
> > > > > > >
> > > > > > > Thank you,
> > > > > > > Gary
> > > > > > >
> > > > > > > On Sat, Aug 22, 2020 at 7:48 PM Gary Gregory
> > > > > > > <garydgreg...@gmail.com> wrote:
> > > > > > >
> > > > > > > > Hi all,
> > > > > > > >
> > > > > > > > I intend on creating a release candidate for Commons Crypto soon.
> > > > > > > >
> > > > > > > > I pushed a snapshot today which contains native binaries for
> > > > > > > > Windows 32 and 64, Linux 32 and 64, Mac 64, and ARM and ARM HF.
> > > > > > > >
> > > > > > > > Please help testing these on whatever platforms you may have
> > > > > > > > access to.
> > > > > > > >
> > > > > > > > Gary
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> > > > > > For additional commands, e-mail: dev-h...@commons.apache.org

--
Matt Sicker <boa...@gmail.com>
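
A way to check which libcrypto a given path resolves to and which version API it exports, as an added example that is not part of the thread or of Commons Crypto. `probe` and `decode_version` are hypothetical helper names, the default paths are the ones mentioned in the thread, and the decoder assumes the OpenSSL 1.x number layout (as in the 0x1010107f shown above) plus LibreSSL's fixed value.

```python
import ctypes
import sys

def decode_version(num):
    """Decode an OpenSSL 1.x version number (layout 0xMNNFFPPS)."""
    if num == 0x20000000:
        return "LibreSSL (reports a fixed 0x20000000)"
    major = (num >> 28) & 0xF
    if major != 1:
        return "unrecognised layout 0x%08x" % num
    minor, fix, patch = (num >> 20) & 0xFF, (num >> 12) & 0xFF, (num >> 4) & 0xFF
    status = num & 0xF  # 0 = dev, 1..e = beta, f = release
    letter = chr(ord("a") + patch - 1) if 1 <= patch <= 26 else ""
    suffix = "" if status == 0xF else ("-dev" if status == 0 else "-beta%d" % status)
    return "%d.%d.%d%s%s" % (major, minor, fix, letter, suffix)

def probe(path):
    """dlopen one libcrypto candidate and report which version API it exports."""
    try:
        lib = ctypes.CDLL(path)  # ctypes uses dlopen() on macOS and Linux
    except OSError as exc:
        return {"path": path, "loaded": False, "error": str(exc)}
    report = {
        "path": path,
        "loaded": True,
        # 1.1.x entry point: the symbol named in the UnsatisfiedLinkError
        "OpenSSL_version": hasattr(lib, "OpenSSL_version"),
        # 1.0.x entry point
        "SSLeay_version": hasattr(lib, "SSLeay_version"),
    }
    for name in ("OpenSSL_version_num", "SSLeay"):
        if hasattr(lib, name):  # hasattr() performs the dlsym() lookup
            fn = getattr(lib, name)
            fn.restype = ctypes.c_ulong
            report["version"] = decode_version(fn())
            break
    return report

if __name__ == "__main__":
    # Explicit paths only; the defaults are the locations named in the thread.
    candidates = sys.argv[1:] or [
        "./libcrypto.dylib",
        "/usr/local/lib/libcrypto.dylib",
        "/usr/local/Cellar/openssl@1.1/1.1.1g/lib/libcrypto.1.1.dylib",
    ]
    for path in candidates:
        print(probe(path))
```

A candidate that loads but reports `OpenSSL_version: False` is one that would fail the 1.1.x symbol lookup seen in the stack trace.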