Why Bsymbolic link option does not work in 1.0.0 and later ?

Thu, 13 Nov 2014 17:23:48 -0800 

Hi, All

I am a designer in Korea.
During implementing our product with openssl, I have found very
strange symptoms.
First, our product(CPU:MIPS, OS:Linux) has one executable binary and
it is linked to -lcrypto -lssl to support TLS.

Unfortunately, this executable binary has its own
MD5_Init,Update,Final function with different prototype from those of
openssl.
So, runtime symbol collision happened, I think.
That is to say, the following openssl code does not call the openssl
inner MD5_Init. It calls outside MD5_Init.

./crypto/evp/m_md5.c
static int init(EVP_MD_CTX *ctx)
    { return MD5_Init(ctx->md_data); }

And hence, SSL handshake failure is being observed due to broken stack.

But, this symptom is seen in only 1.0.0 and later version.
If we use 0.9.8 version, it calls openssl inner MD5_Init successfully.
As far as I know, Bsymbolic linker option forces .so to call its own
function first, but it looks to work under only 0.9.8.
I don't understand why it does not work under 1.0.0 and later.

I know I have only to move Name "MD5_xxx" of executable to other one
(MD5_xxx2) then result is OK,
But, MD5_Init,Update,Final in executable are being used in so many
files, so I don't want to cause unexpected regression.

Now, I patched tentative fix like this to avoid collision and it
works, but risky :-(.

./include/openssl/md5.h
#pragma GCC visibility push(hidden)
int MD5_Init(MD5_CTX *c);
int MD5_Update(MD5_CTX *c, const void *data, size_t len);
int MD5_Final(unsigned char *md, MD5_CTX *c);
#pragma GCC visibility pop

Do you have any idea why 0.9.8 can avoid symbol conflict but 1.0.0 &
1.0.1 cannot do that ??
And how can I fix it ?


[/local/emyecho/BA] -> nm executable | grep MD5_
007b2dec T MD5_Final
007b1e80 T MD5_Init
007b1ebc t MD5_Transform
007b2c58 T MD5_Update
[/local/emyecho/BA] -> nm libcrypto.so | grep MD5_
000410b8 T MD5_Final
00041040 T MD5_Init
00041024 T MD5_Transform
00041298 T MD5_Update
00165bb0 R MD5_version
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to