RedHat 8.6 libk5crypto.so.3 misses symbol EVP_KDF with openssl 1.1.1l
Tomas Mraz
tomas at openssl.org
Tue Nov 8 07:26:54 UTC 2022
Hi,
Red Hat patches its OpenSSL implementation with some additional API
calls. That means you cannot use builds from an unpatched upstream
OpenSSL tarball in place of the system libcrypto and libssl libraries.
The proper way is to always obtain updated system packages from your
vendor, i.e., Red Hat. Otherwise you would have to try to update the
source rpm package from RHEL with a new openssl version, keeping the
patches that Red Hat adds to it. That is definitely not a trivial
endeavour.
If, for some reason, you need a newer OpenSSL package for some particular
application that you install to the system, it should be possible to
keep the system openssl package untouched, install the upstream OpenSSL
package somewhere into /opt or /usr/local, and link that application
against this installation of OpenSSL.
The primary question to ask is - why do you need to install
openssl 1.1.1l on RHEL-8.6?
Tomas Mraz, OpenSSL
On Tue, 2022-11-08 at 07:17 +0100, Matthias Apitz wrote:
>
> Hello,
>
> We compile openssl 1.1.1l from the sources and run on RedHat 8.6 into
> the problem that the system shared lib /usr/lib64/libk5crypto.so.3
> misses a symbol from openssl:
>
> # objdump -TC /usr/lib64/libk5crypto.so.3 | grep EVP_KDF
> 0000000000000000 DF *UND* 0000000000000000 OPENSSL_1_1_1b EVP_KDF_ctrl
> 0000000000000000 DF *UND* 0000000000000000 OPENSSL_1_1_1b EVP_KDF_CTX_new_id
> 0000000000000000 DF *UND* 0000000000000000 OPENSSL_1_1_1b EVP_KDF_CTX_free
> 0000000000000000 DF *UND* 0000000000000000 OPENSSL_1_1_1b EVP_KDF_derive
>
> # objdump -TC libssl.so.1.1 | grep EVP_KDF
> (nothing)
>
> I checked also the sources 1.1.1l and 1.1.1s, there are a lot of
> 'EVP_*' symbols, but not EVP_KDF_ctrl.
>
> What is the correct way to fix this? Thanks in advance.
>
> matthias
>
--
Tomáš Mráz, OpenSSL
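
The symbol check from the thread, generalized into a pre-flight comparison, as an added example that is not part of the original messages: it lists every versioned OpenSSL import of a consumer library that a candidate libcrypto build does not export. The names `missing_symbols` and `demo` and the sample dumps are assumptions constructed for illustration; only the four `EVP_KDF_*` import lines mirror the output quoted above.

```shell
#!/bin/sh
# List versioned OpenSSL symbols that a consumer library imports but a
# candidate libcrypto does not export. Inputs are saved `objdump -T` dumps,
# e.g. objdump -T /usr/lib64/libk5crypto.so.3 > consumer.txt
#      objdump -T <candidate libcrypto.so.1.1> > provider.txt
# usage: missing_symbols CONSUMER_DUMP PROVIDER_DUMP
missing_symbols() {
    awk '
        # Build "name@version" from the last two columns of an objdump -T line.
        function key(   v) { v = $(NF-1); gsub(/[()]/, "", v); return $NF "@" v }
        NF < 6 || $(NF-1) !~ /OPENSSL_/ { next }   # skip headers and other libs
        FILENAME == ARGV[1] {                      # provider dump: record exports
            if (!/\*UND\*/) have[key()] = 1
            next
        }
        /\*UND\*/ {                                # consumer dump: unmet imports
            k = key()
            if (!(k in have)) print k
        }
    ' "$2" "$1" | sort -u
}

# Constructed sample dumps (not real output). The EVP_KDF_* lines mirror the
# imports quoted in the thread; every other line is invented for the demo.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/consumer.txt" <<'EOF'
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.14 memcpy
0000000000000000      DF *UND*  0000000000000000  OPENSSL_1_1_0 EVP_MD_CTX_new
0000000000000000      DF *UND*  0000000000000000  OPENSSL_1_1_1b EVP_KDF_ctrl
0000000000000000      DF *UND*  0000000000000000  OPENSSL_1_1_1b EVP_KDF_CTX_new_id
0000000000000000      DF *UND*  0000000000000000  OPENSSL_1_1_1b EVP_KDF_CTX_free
0000000000000000      DF *UND*  0000000000000000  OPENSSL_1_1_1b EVP_KDF_derive
EOF
    cat > "$d/provider.txt" <<'EOF'
00000000001a2b30 g    DF .text  0000000000000045  OPENSSL_1_1_0 EVP_MD_CTX_new
00000000001b4c10 g    DF .text  0000000000000061  OPENSSL_1_1_0 EVP_PKEY_derive
EOF
    missing_symbols "$d/consumer.txt" "$d/provider.txt"
    rm -rf "$d"
}

demo
```

Any line printed means the candidate library cannot stand in for the system libcrypto as far as that consumer is concerned, which is the situation the reply describes.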