iOS crashes when built in release mode

[KolbyRKunz]

When using anoncreds in a release build iOS will crash whenever it tries to make a call into anoncreds from React Native. This is being used in a Credo based project. It occurs when using Credo 0.4.2 and Credo 0.5. This also appears to happen with the version 1 and version 2.2 of anoncreds. Initial attempts to resolve this by removing flipper as suggested in this credo issue have not worked. The app runs fine in a development build but when packaged for release it either runs into an EXEC_BAD_ACCESS, SIGABRT or does not crash and has a Error code 1024 - Invalid state: Internal OpenSSL error: error:0180006c:bignum routines:BN_mod_inverse:no inverse:crypto/bn/bngcd.c:532 then crashes on any additional attempts with one of the two aforementioned errors.

cc: @genaris

[berendsliedrecht]

Do you have a reproducible example for this? Colliding OpenSSL versions of other dependencies has been a big source of issues like these..

It's annoying we have to keep openssl due to its great performance, but I wish we could just move to rustls or something else..

[KolbyRKunz]

It was colliding version. We had an old dependency make it way back into our branch from some merges that caused the error.

[andrewwhitehead]

@berendsliedrecht We might be able to remove the OpenSSL dependency soon with this update:
LF-Decentralized-Trust-labs/agora-glass_pumpkin#24

[berendsliedrecht]

@berendsliedrecht We might be able to remove the OpenSSL dependency soon with this update:

LF-Decentralized-Trust-labs/agora-glass_pumpkin#24

Oh that's amazing! Maybe we can keep OpenSSL in but the default will be glass pumpkin.

[genaris]

I'm experiencing a similar issue now that I added to my iOS app a library that depends on OpenSSL-Universal 1.1.1900 (OpenSSL 1.1.1q).

@KolbyRKunz when you said that it was a "colliding version", do you remember which ones you were using in your dependency that caused these troubles?

@berendsliedrecht you mentioned that you experienced this kind of issues. Do you know which versions are safe to use alongside AnonCreds RS at this moment?

[KolbyRKunz]

@genaris It has been too long that I do not remember. We were able to just remove the old dependency but the issue was caused by breaking api changes in OpenSSL iirc. That makes it difficult to patch unless you can potentially downgrade the dependency to match the OpenSSL version anoncreds uses. Not sure what other help I can offer at the moment. Good luck

[genaris]

Thanks... At the moment it is hard for me to understand which OpenSSL version is the correct one: the latest AnonCreds release (v0.2.0) has been built in Feb 13 2024 using macos-latest GH Runner image. At that moment, it shipped 1.1.1w, so I upgraded the conflicting library to depend on OpenSSL-Universal 1.1.2301 (1.1.1w), but every call to AnonCreds is still throwing EXEC_BAD_ACCESS.

Any help would be greatly appreciated!

[genaris]

Just in case it is useful for anyone experiencing this problem: OpenSSL version used in AnonCreds v0.2.0 appears to be the one used by anoncreds-clsignatures-rs v0.3.2, which, according to its dependency on openssl-src, is 3.2.1 (see its Cargo lock file).