SSL_CTX_new:无法加载ssl2 md5例程

时间:2015-07-21 21:09:20

标签: c perl ssl openssl swig

我们在运行使用OpenSSL构建的程序时遇到问题。我们遇到的具体错误是: global error: SSL Context init failed error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines

上下文是C library,由Perl library使用SWIG包装。尝试使用Perl库连接到HTTPS地址时发生错误。

例如,此代码将导致错误:

#These are just the imports I felt were relevant to this problem
use LWP::UserAgent;
use HTTP::Request;
use LWP::Protocol::https;
use IO::Socket::SSL;

sub test_can_connect_to_bitpay_api {
  my $uri = "https://www.google.com";
  my $pem = Business::OnlinePayment::BitPay::KeyUtils::bpGeneratePem();
  my $sin = Business::OnlinePayment::BitPay::KeyUtils::bpGenerateSinFromPem($pem);
  my $request = HTTP::Request->new(POST => $uri);
  my $ua = LWP::UserAgent->new;
  my $response = $ua->request($request);
  ok($response->is_success, "TEST CONNECTION");
}

但是,如果未对bpGenerateSinFromPem()进行调用,则相同的代码不会出错。

bpGenerateSinFromPem是* .i文件中的包装函数。

%inline %{
  char *bpGenerateSinFromPem(char *pem) {
    char *ret = malloc(sizeof(char)*36);
    char *err = "ERROR";
    int errorCode;

    errorCode = generateSinFromPem(pem, &ret);

    if (errorCode == NOERROR) {
      return ret;
    } else {
      return err;
    }

  }
%}

调用C函数:

int GenerateSinFromPem(char *pem, char **sin) {

    char *pub =     calloc(67, sizeof(char));

    u_int8_t *outBytesPub = calloc(SHA256_STRING, sizeof(u_int8_t));
    u_int8_t *outBytesOfStep1 = calloc(SHA256_STRING, sizeof(u_int8_t));
    u_int8_t *outBytesOfStep3 = calloc(RIPEMD_AND_PADDING_STRING, sizeof(u_int8_t));
    u_int8_t *outBytesOfStep4a = calloc(SHA256_STRING, sizeof(u_int8_t));

    char *step1 =   calloc(SHA256_HEX_STRING, sizeof(char));
    char *step2 =   calloc(RIPEMD_HEX_STRING, sizeof(char));
    char *step3 =   calloc(RIPEMD_AND_PADDING_HEX_STRING, sizeof(char));
    char *step4a =  calloc(SHA256_HEX_STRING, sizeof(char));
    char *step4b =  calloc(SHA256_HEX_STRING, sizeof(char));
    char *step5 =   calloc(CHECKSUM_STRING, sizeof(char));
    char *step6 =   calloc(RIPEMD_AND_PADDING_HEX + CHECKSUM_STRING, sizeof(char));

    char *base58OfStep6 = calloc(SIN_STRING, sizeof(char));

    getPublicKeyFromPem(pem, &pub);
    pub[66] = '\0';

    createDataWithHexString(pub, &outBytesPub);
    digestOfBytes(outBytesPub, &step1, "sha256", SHA256_STRING);
    step1[64] = '\0';

    createDataWithHexString(step1, &outBytesOfStep1);
    digestOfBytes(outBytesOfStep1, &step2, "ripemd160", SHA256_DIGEST_LENGTH);
    step2[40] = '\0';

    memcpy(step3, "0F02", 4);
    memcpy(step3+4, step2, RIPEMD_HEX);
    step3[44] = '\0';

    createDataWithHexString(step3, &outBytesOfStep3);
    digestOfBytes(outBytesOfStep3, &step4a, "sha256", RIPEMD_AND_PADDING);
    step4a[64] = '\0';

    createDataWithHexString(step4a, &outBytesOfStep4a);
    digestOfBytes(outBytesOfStep4a, &step4b, "sha256", SHA256_DIGEST_LENGTH);
    step4b[64] = '\0';

    memcpy(step5, step4b, CHECKSUM);

    sprintf(step6, "%s%s", step3, step5);
    step6[RIPEMD_AND_PADDING_HEX + CHECKSUM] = '\0';

    base58encode(step6, base58OfStep6);
    base58OfStep6[SIN] = '\0';
    memcpy(*sin, base58OfStep6, SIN_STRING);

    free(pub);
    free(step1);
    free(step2);
    free(step3);
    free(step4a);
    free(step4b);
    free(step5);
    free(step6);
    free(base58OfStep6);

    free(outBytesPub);
    free(outBytesOfStep1);
    free(outBytesOfStep3);
    free(outBytesOfStep4a);
    return NOERROR;
}

最后调用digestOfBytes()方法:

static int digestOfBytes(uint8_t *message, char **output, char *type, int inLength) {
    EVP_MD_CTX *mdctx;
    const EVP_MD *md;
    unsigned char md_value[EVP_MAX_MD_SIZE];
    unsigned int md_len, i;

    OpenSSL_add_all_digests();

    md = EVP_get_digestbyname(type);
    mdctx = EVP_MD_CTX_create();
    EVP_DigestInit_ex(mdctx, md, NULL);
    EVP_DigestUpdate(mdctx, message, inLength);
    EVP_DigestFinal_ex(mdctx, md_value, &md_len);
    EVP_MD_CTX_destroy(mdctx);

    char *digest = calloc((md_len*2) + 1, sizeof(char));
    for(i = 0; i < md_len; i++){
      sprintf(&digest[2*i], "%02x", md_value[i]);
    };
    digest[md_len * 2] = '\0';
    memcpy(*output, digest, strlen(digest));
    free(digest);
    /* Call this once before exit. */
    EVP_cleanup();
    return 0;
}

似乎有可能这是因为我们的C库中没有释放一些资源,但看起来我们正在释放所有可以释放的内存。为什么我们会看到这场冲突?

1 个答案:

答案 0 :(得分:0)

我们对这个问题的暂时的,可能是非常糟糕的解决方案是消除 digestOfBytes()方法中对import wave space_oddity = wave.open('space_oddity.wav','rb') 的调用。

显然发生的事情是这样的:我们导入的Perl库使用openSSL,并通过 OpenSSL_add_all_x 之类加载表。因为EVP_Cleanup() is global,Perl库(可能是LWP :: Protocol :: https)在查找算法时无法找到算法表。

虽然这有效,但我真的更愿意做一些更安全的事情......不清理就像是一个草率的解决方案。