Ok, we've got a bit more information. Here's a test file (we have it saved as "test-hmac.c"):<br><br>#include <openssl/hmac.h><br>#include <stdio.h><br><br>int main(int argc, char** argv) {<br>
unsigned char foo[10] = "boo";<br> unsigned char* res = malloc(20);<br> printf("%s\n", SHA1(foo, 10, res));<br> free(res);<br>}<br> <br>We built this on the Debian 5.0 system in question, using gcc -lcrypto test-hmac.c. If we run it as-is, it works. If we change:<br>
<br> printf("%s\n", SHA1(foo, 10, res));<br>to<br> printf("%s\n", SHA1(foo, 10, 0));<br><br>...it segfaults. Here is the code from web-server/stuffers/hmac-sha1.ss:<br><br>(define HMAC-SHA1/raw<br> (if libcrypto<br>
(get-ffi-obj 'HMAC libcrypto<br> (_fun [EVP_MD : _fpointer = (EVP_SHA1)]<br> [key : _bytes]<br> [key_len : _int = (bytes-length key)]<br> [data : _bytes]<br>
[data_len : _int = (bytes-length data)]<br> [md : _int = 0]<br> [md_len : _int = 0] ;; @@@@ Note the "0" here.<br> f-><br>
_pointer))<br> (lambda (key data) (error 'HMAC-SHA1/raw "libcrypto could not load"))))<br><br> <br>The last argument to the SHA1() function is where to put the result. When passed a NULL, it allocates its own return space. We are guessing that, on the Debian box, NULL is defined to something other than 0, so when it receives a literal 0, it tries to write to 0x0 and segfaults.<br>
<br>We're trying to track down where NULL is defined now. <br><br>Dave<br>