Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reading PEM/DER from an IO object fails with "no OPENSSL_Applink" error on mswin Ruby #128

Closed
MSP-Greg opened this issue Jul 5, 2017 · 3 comments
Closed

Reading PEM/DER from an IO object fails with "no OPENSSL_Applink" error on mswin Ruby #128

MSP-Greg opened this issue Jul 5, 2017 · 3 comments

Comments

@MSP-Greg
Copy link
Contributor

MSP-Greg commented Jul 5, 2017
edited

Please see Ruby 13718 net/* tests using OpenSSL::PKey::RSA and OpenSSL::X509::Certificate for full info.

When running tests on a mswin trunk build with OpenSSL 1.1.0f, I have a silent stop with the following error:

OPENSSL_Uplink(000007FEEE4EE360,08): no OPENSSL_Applink

As mentioned in the issue, the current tests pass a File instance to OpenSSL::PKey::RSA.new and OpenSSL::X509::Certificate.new, instead of a string.

I assume an error should be generated, or they should accept a File/IO object, but they shouldn't silent stop with the above error.
@rhenium
Copy link
Member

rhenium commented Jul 6, 2017

Thanks for the report, I could reproduce the problem with my x64-mswin64_140 Ruby by opening 20 files at a same time:

File.write("pkey.pem", OpenSSL::PKey::RSA.new(512).to_pem)
20.times.map { File.open("pkey.pem") }.each { |f| OpenSSL::PKey::RSA.new(f) }

The cause is that we don't provide OPENSSL_Applink(), but apparently OpenSSL only looks up the symbol in the application[1] (ruby.exe, in this case) where we can't place one.

I haven't come up with a good solution yet.

[1] https://github.com/openssl/openssl/blob/60eba30f60de55e3c782469fa555eede82606099/ms/uplink.c#L63

@rhenium rhenium changed the title no OPENSSL_Applink , silent SEGV in Ruby test-all Reading PEM/DER from an IO object fails with "no OPENSSL_Applink" error on mswin Ruby Jul 6, 2017
@MSP-Greg
Copy link
Contributor Author

MSP-Greg commented Jul 6, 2017

Thanks for looking into it. I'm not that much of an OpenSSL user, so I don't know if IO would be a typical application. I assume your build works fine with strings?

Also, if IO is common, maybe someone could (me?) could revise the docs to show that either strings or IO can be used?

I came across the issue running test-all, but verified it using:

ruby runner.rb -j3 -Ilib --show-skip net/ftp

on the test folder...

rhenium added a commit to rhenium/ruby-openssl that referenced this issue Jul 11, 2017
@rhenium
bio: do not use the FILE BIO method in ossl_obj2bio()
f842b0d 
Read everything from an IO object into a String first and use the
memory buffer BIO method just as we do for String inputs.

For MSVC builds, the FILE BIO method uses the "UPLINK" interface that
requires the application to provide OPENSSL_Applink() function. For us,
the "application" means ruby.exe, in which we can't do anything. As a
workaround, avoid using the FILE BIO method at all.

Usually private keys or X.509 certificates aren't that large and the
temporarily increased memory usage hopefully won't be an issue.

Fixes: ruby#128
@rhenium
Copy link
Member

rhenium commented Jul 11, 2017

Only the FILE BIO method and the file descriptor BIO method use the UPLINK interface, so yes, reading from String should work well on all platforms.

I have made it not use the FILE BIO at all by f842b0d. Thanks.

@rhenium rhenium closed this as completed Jul 11, 2017
@rhenium rhenium mentioned this issue Feb 15, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rhenium @MSP-Greg