Debugging ssh-keygen dsa on Solaris8
Andy Polyakov
appro at fy.chalmers.se
Thu Jul 26 20:32:13 EST 2001
> > I have some good news to report:
> >
> > 1) Doing the following worked:
> >
> > Please change line 69 in openssl-0.9.6b/crypto/dsa/dsa_lib.c from
> > > > static DSA_METHOD *default_DSA_method;
> > > > to
> > > > static DSA_METHOD *default_DSA_method = NULL;
>
> Ok. I have checked in this change to the OpenSSL repository, so that it
> will be fixed in the next release. Up to then it is a point for the
> FAQ or KNOWN_BUGS section...
There is one thing that is definitely different between 0.9.5 and 0.9.6.
0.9.6 is unconditionally compiled with -[Kf]PIC flag, i.e. regardless
whether or not you intend to produce shared libraries(*). In general it
shouldn't be a problem, it is perfectly possible to statically link PIC
objects (it's even possible to link none-PIC objects into .so
libraries(**)). The fact that we see contradicting report ("nothing
works", "everything works", "works everywhere but one workstation") must
be an indication of a bug in the way PICs are handled which was
eventually fixed (at least there is linker patch #109147-09, updated a
month ago, covering ld.so). One of course may wonder why does explicit
initialization make the the problem go away? Well, it should be noted
that explicit initialization effectively moves the variable from .bss to
.data* segment. Now if buggy ld.so does better job on .data segment(s)
than on .bss segment (at least those parts "belonging" to statically
linked PICs), then...
I wonder if Lukas (<ruf at tik.ee.ethz.ch> who had that only machine
failing to generate DSA key-pair) could run 'showrev -p | grep 109147'
on that machine and others and compare output? What output does Scott
get?
(*) given the output from dbx posted earlier, Scott didn't produce .so
libraries (Scott! Don't!:-)
(**) yes, it is possible to put none-PICs into .so. Run-time linker
shall fix-up all the unresolved references at the cost of making all the
pages containing none-PIC private (kind of obsoletes the idea of .so)
and potentially longer start-up time (because of page privatization and
because there might be way more unresolved references in none-PIC object
than in PIC).
Andy.
More information about the openssh-unix-dev
mailing list