[openssl-dev] afalg with OpenSSL 1.1.0f 25 May 2017
Matt Caswell
matt at openssl.org
Mon Aug 14 15:44:18 UTC 2017
Comments inserted.
On 14/08/17 08:20, Jitendra Lulla wrote:
> Hi,
>
> I am trying to use afalg on Linux 4.9.37 with OpenSSL 1.1.0f.
>
> I am facing 2 issues:
>
> ONE: when I issue the speed command, I see the following:
>
> [root at localhost apps]# ./openssl speed -evp aes-128-cbc -engine afalg
> invalid engine "afalg"
> 139853452924736:error:2506406A:DSO support routines:dlfcn_bind_func:could not bind to the requested symbol name:crypto/dso/dso_dlfcn.c:178:symname(bind_engine): /usr/local/lib64/engines-1.1/afalg.so: undefined symbol: bind_engine
> 139853452924736:error:2506C06A:DSO support routines:DSO_bind_func:could not bind to the requested symbol name:crypto/dso/dso_lib.c:185:
> 139853452924736:error:260B6068:engine routines:dynamic_load:DSO failure:crypto/engine/eng_dyn.c:427:
> 139853452924736:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=afalg
> 139853452924736:error:25066067:DS
>
>
> nm afalg.so doesn't show bind_engine
>
Assuming you have already successfully built OpenSSL using "make", from
the "test" subdir of the directory where you downloaded the source, what
happens if you execute:
OPENSSL_ENGINES=../engines/afalg ../util/shlib_wrap.sh ./afalgtest
Another thing to try is (from the top level source dir)
touch engines/afalg/e_afalg.c
make
Check to see if there are any warnings generated during the compilation
of the engine.
>
> When I modify the openssl.cnf file with the engine name and the CIPHERS, still I dont get it working. The command output and the change in the openssl.cnf pasted at the end of the mail.
>
>
> TWO: I had to create a softlink to libcrypto.so.1.1 and libssl.so.1.1 like the following to make openssl command work:
> ln -s /usr/local/lib64/libssl.so.1.1 /lib64/libssl.so.1.1
> ln -s /usr/local/lib64/libcrypto.so.1.1 /lib64/libcrypto.so.1.1
>
> Is creating the softlinks a known issue and will be fixed?
No, this will not be fixed and may not be the most appropriate thing to
do on all systems.
Matt
>
> I have pasted the complete information about the OS/distro environment and installation commands I ran at the bottom.
> Could you please suggest what wrong I am doing to make afalg work.
>
> Thanks
> Jitendra Lulla
>
> ========
>
>
> BEFORE INSTALLATION:
>
> [root at localhost jlulla]# rpm -qa |grep openssl
> openssl-1.0.1e-60.el7.x86_64
> openssl-devel-1.0.1e-60.el7.x86_64
> openssl-libs-1.0.1e-60.el7.x86_64
>
> [root at localhost jlulla]# openssl version
> OpenSSL 1.0.1e-fips 11 Feb 2013
>
>
>
> PLEASE SEE FROM HERE PLEASE SEE FROM HERE PLEASE SEE FROM HERE----------------------------
>
> STEP 1 : SOURCE TAKEN FROM https://www.openssl.org/source/openssl-1.1.0f.tar.gz 2017-May-25 13:09:51
>
> [root at localhost jlulla]# uname -a
> Linux localhost.localdomain 4.9.37 #1 SMP Fri Jul 21 04:52:46 PDT 2017 x86_64 x86_64 x86_64 GNU/Linux
>
> [root at localhost jlulla]# cat /etc/redhat-release
> Red Hat Enterprise Linux Server release 7.3 (Maipo)
>
>
>
> [root at localhost openssl-1.1.0f]# pwd
> /home/jlulla/openssl-1.1.0f
>
> STEP 2: [root at localhost openssl-1.1.0f]# ./config shared enable-engine enable-dso enable-afalgeng
> Operating system: x86_64-whatever-linux2
> Configuring for linux-x86_64
> Configuring OpenSSL version 1.1.0f (0x1010006fL)
> no-asan [default] OPENSSL_NO_ASAN
> no-crypto-mdebug [default] OPENSSL_NO_CRYPTO_MDEBUG
> no-crypto-mdebug-backtrace [default] OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
> no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128
> no-egd [default] OPENSSL_NO_EGD
> no-fuzz-afl [default] OPENSSL_NO_FUZZ_AFL
> no-fuzz-libfuzzer [default] OPENSSL_NO_FUZZ_LIBFUZZER
> no-heartbeats [default] OPENSSL_NO_HEARTBEATS
> no-md2 [default] OPENSSL_NO_MD2 (skip dir)
> no-msan [default] OPENSSL_NO_MSAN
> no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
> no-sctp [default] OPENSSL_NO_SCTP
> no-ssl-trace [default] OPENSSL_NO_SSL_TRACE
> no-ssl3 [default] OPENSSL_NO_SSL3
> no-ssl3-method [default] OPENSSL_NO_SSL3_METHOD
> no-ubsan [default] OPENSSL_NO_UBSAN
> no-unit-test [default] OPENSSL_NO_UNIT_TEST
> no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS
> no-zlib [default]
> no-zlib-dynamic [default]
> Configuring for linux-x86_64
> CC =gcc
> CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN -Wa,--noexecstack
> SHARED_CFLAG =-fPIC -DOPENSSL_USE_NODELETE
> DEFINES =DSO_DLFCN HAVE_DLFCN_H NDEBUG OPENSSL_THREADS OPENSSL_NO_STATIC_ENGINE OPENSSL_PIC OPENSSL_IA32_SSE2 OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM SHA512_ASM RC4_ASM MD5_ASM AES_ASM VPAES_ASM BSAES_ASM GHASH_ASM ECP_NISTZ256_ASM PADLOCK_ASM POLY1305_ASM
> LFLAG =
> PLIB_LFLAG =
> EX_LIBS =-ldl
> APPS_OBJ =
> CPUID_OBJ =x86_64cpuid.o
> UPLINK_OBJ =
> BN_ASM =asm/x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
> EC_ASM =ecp_nistz256.o ecp_nistz256-x86_64.o
> DES_ENC =des_enc.o fcrypt_b.o
> AES_ENC =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
> BF_ENC =bf_enc.o
> CAST_ENC =c_enc.o
> RC4_ENC =rc4-x86_64.o rc4-md5-x86_64.o
> RC5_ENC =rc5_enc.o
> MD5_OBJ_ASM =md5-x86_64.o
> SHA1_OBJ_ASM =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
> RMD160_OBJ_ASM=
> CMLL_ENC =cmll-x86_64.o cmll_misc.o
> MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
> PADLOCK_OBJ =e_padlock-x86_64.o
> CHACHA_ENC =chacha-x86_64.o
> POLY1305_OBJ =poly1305-x86_64.o
> BLAKE2_OBJ =
> PROCESSOR =
> RANLIB =ranlib
> ARFLAGS =
> PERL =/usr/bin/perl
>
> SIXTY_FOUR_BIT_LONG mode
>
> Configured for linux-x86_64.
> [root at localhost openssl-1.1.0f]#
>
> make didnt give any error.
>
> make install didnt give any error
>
> updatedb
>
> STEP 2:
> [root at localhost openssl-1.1.0f]# md5sum /home/jlulla/openssl-1.1.0f/libssl.so.1.1 /usr/local/lib64/libssl.so.1.1
> 5a7264a3ebda22989c831794d30677c5 /home/jlulla/openssl-1.1.0f/libssl.so.1.1
> 5a7264a3ebda22989c831794d30677c5 /usr/local/lib64/libssl.so.1.1
>
> [root at localhost openssl-1.1.0f]# ls -l /home/jlulla/openssl-1.1.0f/libssl.so
> lrwxrwxrwx. 1 root root 13 Aug 10 23:45 /home/jlulla/openssl-1.1.0f/libssl.so -> libssl.so.1.1
>
>
> [root at localhost apps]# pwd
> /home/jlulla/openssl-1.1.0f/apps
> [root at localhost apps]# ./openssl
> ./openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
>
> [root at localhost apps]# ldd ./openssl
> linux-vdso.so.1 => (0x00007ffd02f3c000)
> libssl.so.1.1 => not found
> libcrypto.so.1.1 => not found
> libdl.so.2 => /lib64/libdl.so.2 (0x00007f0439fda000)
> libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f0439dbe000)
> libc.so.6 => /lib64/libc.so.6 (0x00007f04399fc000)
> /lib64/ld-linux-x86-64.so.2 (0x000055d618530000)
>
>
> [root at localhost apps]# ls -l /lib64/libssl.so.1.1
> ls: cannot access /lib64/libssl.so.1.1: No such file or directory
>
> ln -s /usr/local/lib64/libssl.so.1.1 /lib64/libssl.so.1.1
>
> STEP 3:
> [root at localhost apps]# ln -s /usr/local/lib64/libssl.so.1.1 /lib64/libssl.so.1.1
> [root at localhost apps]# ls -l /lib64/libssl.so.1.1
> lrwxrwxrwx. 1 root root 30 Aug 10 23:57 /lib64/libssl.so.1.1 -> /usr/local/lib64/libssl.so.1.1
>
>
> [root at localhost apps]# ln -s /usr/local/lib64/libcrypto.so.1.1 /lib64/libcrypto.so.1.1
> [root at localhost apps]# ls -l /lib64/libcrypto.so.1.1
> lrwxrwxrwx. 1 root root 33 Aug 10 23:58 /lib64/libcrypto.so.1.1 -> /usr/local/lib64/libcrypto.so.1.1
>
> [root at localhost apps]# ldd ./openssl
> linux-vdso.so.1 => (0x00007ffd37b5e000)
> libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f82881f8000)
> libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f8287d73000)
> libdl.so.2 => /lib64/libdl.so.2 (0x00007f8287b6e000)
> libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f8287952000)
> libc.so.6 => /lib64/libc.so.6 (0x00007f8287591000)
> /lib64/ld-linux-x86-64.so.2 (0x000055f06bc67000)
>
>
> [root at localhost apps]# ./openssl version
> OpenSSL 1.1.0f 25 May 2017
>
>
> STEP 4:
> [root at localhost afalg]# pwd
> /home/jlulla/openssl-1.1.0f/engines/afalg
>
> [root at localhost afalg]# ls
> afalg.so build.info e_afalg.c e_afalg.d e_afalg.ec e_afalg_err.c e_afalg_err.d e_afalg_err.h e_afalg_err.o e_afalg.h e_afalg.o
>
> [root at localhost afalg]# ldd afalg.so
> linux-vdso.so.1 => (0x00007fff1d7ef000)
> libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f3a80166000)
> libdl.so.2 => /lib64/libdl.so.2 (0x00007f3a7ff62000)
> libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3a7fd45000)
> libc.so.6 => /lib64/libc.so.6 (0x00007f3a7f984000)
> /lib64/ld-linux-x86-64.so.2 (0x0000560991976000)
>
>
> [root at localhost afalg]# nm afalg.so
> 0000000000202060 d AFALG_error_init
> 0000000000202220 b AFALG_lib_error_code
> 0000000000202160 d AFALG_str_functs
> 0000000000202080 d AFALG_str_reasons
> 0000000000202210 B __bss_start
> 0000000000202210 b completed.6344
> w __cxa_finalize@@GLIBC_2.2.5
> 0000000000000a00 t deregister_tm_clones
> 0000000000000a70 t __do_global_dtors_aux
> 0000000000201da0 t __do_global_dtors_aux_fini_array_entry
> 0000000000201db0 d __dso_handle
> 0000000000201db8 d _DYNAMIC
> 0000000000202210 D _edata
> 0000000000202228 B _end
> 0000000000000af0 T engine_load_afalg_int
> 0000000000000bb0 T ERR_AFALG_error
> U ERR_get_next_error_library@@OPENSSL_1_1_0
> 0000000000000b00 T ERR_load_AFALG_strings
> U ERR_load_strings@@OPENSSL_1_1_0
> U ERR_put_error@@OPENSSL_1_1_0
> 0000000000000b60 T ERR_unload_AFALG_strings
> U ERR_unload_strings@@OPENSSL_1_1_0
> 0000000000000bf8 T _fini
> 0000000000000ab0 t frame_dummy
> 0000000000201d98 t __frame_dummy_init_array_entry
> 0000000000000eb8 r __FRAME_END__
> 0000000000202000 d _GLOBAL_OFFSET_TABLE_
> w __gmon_start__
> 0000000000000970 T _init
> w _ITM_deregisterTMCloneTable
> w _ITM_registerTMCloneTable
> 0000000000201da8 d __JCR_END__
> 0000000000201da8 d __JCR_LIST__
> w _Jv_RegisterClasses
> 0000000000000a30 t register_tm_clones
> 0000000000202210 d __TMC_END__
>
>
> [root at localhost openssl-1.1.0f]# locate afalg.so
> /home/jlulla/openssl-1.1.0f/engines/afalg/afalg.so
> /usr/local/lib64/engines-1.1/afalg.so
>
>
> [root at localhost openssl-1.1.0f]# md5sum /home/jlulla/openssl-1.1.0f/engines/afalg/afalg.so /usr/local/lib64/engines-1.1/afalg.so
> ec273faa6eb6e25f55e44a7d37adf195 /home/jlulla/openssl-1.1.0f/engines/afalg/afalg.so
> ec273faa6eb6e25f55e44a7d37adf195 /usr/local/lib64/engines-1.1/afalg.so
>
>
> [root at localhost apps]# date
> Fri Aug 11 00:01:10 PDT 2017
>
>
> [root at localhost apps]# ls -l /usr/local/ssl/openssl.cnf
> -rw-r--r--. 1 root root 10771 Aug 10 23:47 /usr/local/ssl/openssl.cnf
>
> [root at localhost apps]# md5sum /usr/local/ssl/openssl.cnf /home/jlulla/openssl-1.1.0f/apps/openssl.cnf
> f697ef5df0d006882e6326606e8dbf4a /usr/local/ssl/openssl.cnf
> f697ef5df0d006882e6326606e8dbf4a /home/jlulla/openssl-1.1.0f/apps/openssl.cnf
>
>
> openssl.cnf has the following:
> ..
> ..
> # Extra OBJECT IDENTIFIER info:
> #oid_file = $ENV::HOME/.oid
> oid_section = new_oids
>
> # To use this configuration file with the "-extfile" option of the
> # "openssl x509" utility, name here the section containing the
> # X.509v3 extensions to use:
> # extensions =
> # (Alternatively, use a configuration file that has only
> # X.509v3 extensions in its main [= default] section.)
>
> ..
> ..
>
> [root at localhost apps]# ./openssl speed -evp aes-128-cbc -engine afalg
> invalid engine "afalg"
> 139853452924736:error:2506406A:DSO support routines:dlfcn_bind_func:could not bind to the requested symbol name:crypto/dso/dso_dlfcn.c:178:symname(bind_engine): /usr/local/lib64/engines-1.1/afalg.so: undefined symbol: bind_engine
> 139853452924736:error:2506C06A:DSO support routines:DSO_bind_func:could not bind to the requested symbol name:crypto/dso/dso_lib.c:185:
> 139853452924736:error:260B6068:engine routines:dynamic_load:DSO failure:crypto/engine/eng_dyn.c:427:
> 139853452924736:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=afalg
> 139853452924736:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:113:filename(libafalg.so): libafalg.so: cannot open shared object file: No such file or directory
> 139853452924736:error:25070067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:161:
> 139853452924736:error:260B6084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:414:
> ^C
>
>
> Modified both the files as the follwing:
> /usr/local/ssl/openssl.cnf
> /home/jlulla/openssl-1.1.0f/apps/openssl.cnf
>
> # Extra OBJECT IDENTIFIER info:
> #oid_file = $ENV::HOME/.oid
> oid_section = new_oids
>
> openssl_conf = openssl_def
>
> [openssl_def]
> engines = openssl_engines
>
> [openssl_engines]
> afalg = afalg_engine
>
> [afalg_engine]
> CIPHERS=aes-128-cbc
>
> With the above, the errors are more:
> [root at localhost apps]# ./openssl speed -evp aes-128-cbc -engine afalg
> invalid engine "afalg"
> 140473780422464:error:2506406A:DSO support routines:dlfcn_bind_func:could not bind to the requested symbol name:crypto/dso/dso_dlfcn.c:178:symname(bind_engine): /usr/local/lib64/engines-1.1/afalg.so: undefined symbol: bind_engine
> 140473780422464:error:2506C06A:DSO support routines:DSO_bind_func:could not bind to the requested symbol name:crypto/dso/dso_lib.c:185:
> 140473780422464:error:260B6068:engine routines:dynamic_load:DSO failure:crypto/engine/eng_dyn.c:427:
> 140473780422464:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=afalg
> 140473780422464:error:260BC066:engine routines:int_engine_configure:engine configuration error:crypto/engine/eng_cnf.c:141:section=afalg_engine, name=CIPHERS, value=aes-128-cbc
> 140473780422464:error:0E07606D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:173:module=engines, value=openssl_engines, retcode=-1
> 140473780422464:error:2506406A:DSO support routines:dlfcn_bind_func:could not bind to the requested symbol name:crypto/dso/dso_dlfcn.c:178:symname(bind_engine): /usr/local/lib64/engines-1.1/afalg.so: undefined symbol: bind_engine
> 140473780422464:error:2506C06A:DSO support routines:DSO_bind_func:could not bind to the requested symbol name:crypto/dso/dso_lib.c:185:
> 140473780422464:error:260B6068:engine routines:dynamic_load:DSO failure:crypto/engine/eng_dyn.c:427:
> 140473780422464:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=afalg
> 140473780422464:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:113:filename(libafalg.so): libafalg.so: cannot open shared object file: No such file or directory
> 140473780422464:error:25070067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:161:
> 140473780422464:error:260B6084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:414:
> ^C
>
More information about the openssl-dev
mailing list