Thanks Geoffrey, updating our tally: Here is what community testing we have so far for the Crypto.main() smoke test:
- darwin64-x86_64-cc; OpenSSL 1.1.1g; Gary Gregory, Alex Remily - debian-amd64; OpenSSL 1.0.1f; Gary Gregory - debian-amd64; OpenSSL 1.1.1g; Bruno P. Kinoshita - Linux x86_64; OpenSSL 1.1.1; Alex Remily - Windows 64 (mingw64); OpenSSL 1.1.1d; Alex Remily - linux-aarch64; OpenSSL 1.0.2k-fips; Geoffrey Blake - debian-arm64; OpenSSL 1.1.1f; Geoffrey Blake Gary On Fri, Aug 28, 2020 at 10:25 AM Geoffrey Blake <geoffrey.w.bl...@gmail.com> wrote: > Hi all, > > For the simple smoke test, on AArch64 for AmazonLinux2 (OpenSSL 1.0.2k) and > Ubuntu 20.04 (OpenSSL 1.1.1f) everything loads ok with the current Jar that > Gary posted. > > -Geoff > > AL2 output: > java -cp commons-crypto-1.1.0-20200824.190246-21.jar > org.apache.commons.crypto.Crypto > Apache Commons Crypto 1.1.0-SNAPSHOT > Native code loaded OK: 1.1.0-SNAPSHOT > Native name: Apache Commons Crypto > Native built: Aug 18 2020 > OpenSSL library loaded OK, version: 0x100020bf > OpenSSL library info: OpenSSL 1.0.2k-fips 26 Jan 2017 > Random instance created OK: > org.apache.commons.crypto.random.OpenSslCryptoRandom@54bedef2 > Cipher AES/CTR/NoPadding instance created OK: > org.apache.commons.crypto.cipher.OpenSslCipher@13221655 > Additional OpenSSL_version(n) details: > 1: not available > 2: compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB > -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT > -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions > -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches > -Wa,--noexecstack -DPURIFY -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM > 3: built on: reproducible build, date unspecified > 4: platform: linux-aarch64 > 5: OPENSSLDIR: "/etc/pki/tls" > > Ubuntu output: > java -cp commons-crypto-1.1.0-20200824.190246-21.jar > org.apache.commons.crypto.Crypto > Apache Commons Crypto 1.1.0-SNAPSHOT > Native code loaded OK: 1.1.0-SNAPSHOT > Native name: Apache Commons Crypto > Native built: Aug 18 2020 > OpenSSL library loaded OK, version: 0x1010106f > OpenSSL library info: OpenSSL 1.1.1f 31 Mar 2020 > Random instance created OK: > org.apache.commons.crypto.random.OpenSslCryptoRandom@65b54208 > Cipher AES/CTR/NoPadding instance created OK: > org.apache.commons.crypto.cipher.OpenSslCipher@119d7047 > Additional OpenSSL_version(n) details: > 1: compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack > -g -O2 -fdebug-prefix-map=/build/openssl-9j6sUa/openssl-1.1.1f=. > -fstack-protector-strong -Wformat -Werror=format-security > -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC > -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM > -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM > -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2 > 2: built on: Mon Apr 20 11:53:50 2020 UTC > 3: platform: debian-arm64 > 4: OPENSSLDIR: "/usr/lib/ssl" > 5: ENGINESDIR: "/usr/lib/aarch64-linux-gnu/engines-1.1" > > On Thu, Aug 27, 2020 at 10:05 PM Matt Sicker <boa...@gmail.com> wrote: > > > For a library with as many vulnerabilities as OpenSSL, I’m surprised > macOS > > keeps such an ancient version! It’s not like they ship a trimmed down and > > audited version of LibreSSL, either. > > > > On Thu, Aug 27, 2020 at 20:19 Gary Gregory <garydgreg...@gmail.com> > wrote: > > > > > The issue for me is that it was a PITA to override macos' baked in > > > > > > (ancient) LibreSSL. > > > > > > > > > > > > Gary > > > > > > > > > > > > On Thu, Aug 27, 2020, 20:03 Alex Remily <alex.rem...@gmail.com> wrote: > > > > > > > > > > > > > Interesting. If I understand correctly, you did get it to run > > > > > > > successfully to completion, but only after placing a compatible > > > > > > > libcrypto in the directory of execution, probably the first place > > > > > > > dlopen looks for it. Would you agree then that the error was caused > > > > > > > by loading an incompatible libcrypto? I'm inclined to think this is > a > > > > > > > configuration issue that should be well documented, as opposed to one > > > > > > > that should be addressed through code. Like you, I also tried > setting > > > > > > > the LD_LIBRARY_PATH environment variable with no success. I was able > > > > > > > to symlink the libcrypto in the usr/local/lib directory, though, > which > > > > > > > fixed the issue, but I agree this is a limitation. A user should be > > > > > > > able to run more than one instance of libcrypto on the same host. > I'm > > > > > > > unsure as to the best way to proceed. > > > > > > > > > > > > > > > > > > > > > On Thu, Aug 27, 2020 at 6:41 PM Gary Gregory <garydgreg...@gmail.com > > > > > > > > > wrote: > > > > > > > > > > > > > > > > On Mon, Aug 24, 2020 at 7:28 PM Alex Remily <alex.rem...@gmail.com > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > Gary, > > > > > > > > > > > > > > > > > > Can you check that your libcrypto.dylib is symlinked to the > > libcrypto > > > > > > > > > for OpenSSL 1.1.1.g? Mine wasn't, and I was getting different > > output > > > > > > > > > from the main function than from the unit test output. I'm not > > > > > > > > > confident that this is the root of the problem, but it may at > least > > > > > > > > > eliminate a possibility. > > > > > > > > > > > > > > > > > > On my machine I had to set /usr/local/lib/libcrypto.dylib --> > > > > > > > > > /usr/local/Cellar/openssl@1.1/1.1.1g/lib/libcrypto.1.1.dylib. > The > > > JNI > > > > > > > > > libraries use dlopen to find and load libcrypto, and dlopen looks > > for > > > > > > > > > > > > > > > > > > > > > > > > > That did not work for me. The only thing that works is copying the > > > dylib > > > > > > > > file to the current dir. Hack! > > > > > > > > > > > > > > > > Gary > > > > > > > > > > > > > > > > > > > > > > > > > it in /usr/local/lib/, among other places. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/dlopen.3.html > > > > > > > > > > > > > > > > > > If that doesn't work I'm going to need to step through the code. > > My > > > > > > > > > output: > > > > > > > > > > > > > > > > > > WARNING in native method: JNI call made without checking > exceptions > > > > > > > > > when required to from CallStaticObjectMethod > > > > > > > > > WARNING in native method: JNI call made without checking > exceptions > > > > > > > > > when required to from CallObjectMethod > > > > > > > > > Apache Commons Crypto 1.1.0-SNAPSHOT > > > > > > > > > Native code loaded OK 1.1.0-SNAPSHOT > > > > > > > > > Native Name Apache Commons Crypto > > > > > > > > > Native Built Aug 24 2020 > > > > > > > > > OpenSSL library loaded OK, version: 0x1010107f > > > > > > > > > OpenSSL library info OpenSSL 1.1.1g 21 Apr 2020 > > > > > > > > > Random instance created OK > > > > > > > > > Cipher instance created OK > > > > > > > > > Additional OpenSSL_version(n) details: > > > > > > > > > 1: compiler: clang -fPIC -arch x86_64 -O3 -Wall -DL_ENDIAN > > > > > > > > > -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 > > > > > > > > > -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 > -DOPENSSL_BN_ASM_GF2m > > > > > > > > > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM > > > > > > > > > -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM > > > > > > > > > -DX25519_ASM -DPOLY1305_ASM -D_REENTRANT -DNDEBUG > > > > > > > > > 2: built on: Tue Apr 21 13:29:43 2020 UTC > > > > > > > > > 3: platform: darwin64-x86_64-cc > > > > > > > > > 4: OPENSSLDIR: "/usr/local/etc/openssl@1.1" > > > > > > > > > 5: ENGINESDIR: "/usr/local/Cellar/openssl@1.1 > > > /1.1.1g/lib/engines-1.1" > > > > > > > > > > > > > > > > > > Alex > > > > > > > > > > > > > > > > > > On Sun, Aug 23, 2020 at 9:50 PM Gary Gregory < > > garydgreg...@gmail.com > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > I do have LibreSSL but I used homebrew to install OpenSSL > 1.1.1g > > > > > > > which I > > > > > > > > > > put first on the PATH. Maybe something is off in my setup... > > > > > > > > > > > > > > > > > > > > Gary > > > > > > > > > > > > > > > > > > > > On Sun, Aug 23, 2020, 21:46 Alex Remily <alex.rem...@gmail.com > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > Gary, > > > > > > > > > > > > > > > > > > > > > > I'll have a look. I did the 1.1 support stuff and I'm > familiar > > > > > > > with > > > > > > > > > > > that class and that error, although I don't recall seeing > that > > > > > > > > > > > specific error in that class. The JNI libraries check the > > > OpenSSL > > > > > > > > > > > version at runtime, but maybe a compile time dependency got > > > > > > > through. > > > > > > > > > > > > > > > > > > > > > > Out of curiosity, I assume you also have LibreSSL > installed? I > > > > > > > have > > > > > > > > > > > run into issues on my Mac with which librypto gets loaded by > > the > > > > > > > JNI > > > > > > > > > > > libraries during the dlsym. I wonder if the runtime is > > referring > > > > > > > to > > > > > > > > > > > one version and the JNI library is loading another. > > > > > > > > > > > > > > > > > > > > > > Anyway, I'll poke around and see what I can figure out. I'll > > try > > > > > > > to > > > > > > > > > > > get to it with the rest of the testing this week. > > > > > > > > > > > > > > > > > > > > > > Alex > > > > > > > > > > > > > > > > > > > > > > On Sun, Aug 23, 2020 at 11:18 AM Gary Gregory < > > > > > > > garydgreg...@gmail.com> > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > I wondering if anyone can confirm the following issue > and/or > > > help > > > > > > > > > explain > > > > > > > > > > > > it, on MacOS 10.15.6 with OpenSSL 1.1.1g, running: > > > > > > > > > > > > > > > > > > > > > > > > mvn package > > > > > > > > > > > > > > > > > > > > > > > > then: > > > > > > > > > > > > > > > > > > > > > > > > java -Xdiag -Xcheck:jni -cp target/classes > > > > > > > > > > > > -Dcommons.crypto.lib.tempdir=target/ > > > > > > > org.apache.commons.crypto.Crypto > > > > > > > > > > > > WARNING in native method: JNI call made without checking > > > > > > > exceptions > > > > > > > > > when > > > > > > > > > > > > required to from CallStaticObjectMethod > > > > > > > > > > > > WARNING in native method: JNI call made without checking > > > > > > > exceptions > > > > > > > > > when > > > > > > > > > > > > required to from CallObjectMethod > > > > > > > > > > > > Apache Commons Crypto 1.1.0-SNAPSHOT > > > > > > > > > > > > Native code loaded OK: 1.1.0-SNAPSHOT > > > > > > > > > > > > Native name: Apache Commons Crypto > > > > > > > > > > > > Native built: Aug 22 2020 > > > > > > > > > > > > Exception in thread "main" java.lang.UnsatisfiedLinkError: > > > > > > > > > > > OpenSSL_version > > > > > > > > > > > > at > > org.apache.commons.crypto.OpenSslInfoNative.OpenSSL(Native > > > > > > > > > Method) > > > > > > > > > > > > at org.apache.commons.crypto.Crypto.main(Crypto.java:144) > > > > > > > > > > > > > > > > > > > > > > > > I wonder if we have issues on 1.1.x vs 1.0.x. > > > > > > > > > > > > > > > > > > > > > > > > My versions: > > > > > > > > > > > > > > > > > > > > > > > > openssl version > > > > > > > > > > > > OpenSSL 1.1.1g 21 Apr 2020 > > > > > > > > > > > > > > > > > > > > > > > > mvn -version > > > > > > > > > > > > Apache Maven 3.6.3 > (cecedd343002696d0abb50b32b541b8a6ba2883f) > > > > > > > > > > > > Maven home: /opt/apache-maven-3.6.3 > > > > > > > > > > > > Java version: 1.8.0_265, vendor: AdoptOpenJDK, runtime: > > > > > > > > > > > > > > > > > > > > > > > > /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre > > > > > > > > > > > > Default locale: en_US, platform encoding: UTF-8 > > > > > > > > > > > > OS name: "mac os x", version: "10.15.6", arch: "x86_64", > > > family: > > > > > > > > > "mac" > > > > > > > > > > > > > > > > > > > > > > > > Thank you, > > > > > > > > > > > > Gary > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Sat, Aug 22, 2020 at 7:48 PM Gary Gregory < > > > > > > > garydgreg...@gmail.com > > > > > > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > > Hi all, > > > > > > > > > > > > > > > > > > > > > > > > > > I intent on creating a release candidate for Commons > Crypto > > > > > > > soon. > > > > > > > > > > > > > > > > > > > > > > > > > > I pushed a snapshot today which contains native binaries > > for > > > > > > > > > Windows 32 > > > > > > > > > > > > > and 64, Linux 32 and 64, Mac 64, and ARM and ARM HF. > > > > > > > > > > > > > > > > > > > > > > > > > > Please help testing these on whatever platforms you may > > have > > > > > > > > > access to. > > > > > > > > > > > > > > > > > > > > > > > > > > Gary > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > > > > > > > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > > > > > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > > > > > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > > > > > > > > > > > > > > > -- > > Matt Sicker <boa...@gmail.com> > > >
