Application linking to both libcrypto.so.1.0.0 and libcrypto.so.1.1

Michael Wojcik Michael.Wojcik at microfocus.com
Wed May 29 13:43:24 UTC 2019


> From: Chethan Kumar [mailto:Chethan.Kumar at toshiba-tsip.com]
> Sent: Wednesday, May 29, 2019 04:07
>
> Below is the output from ldd on application.
> Seriously I didn't knew application uses these many libraries[Knew only the
> problem].
>         linux-gate.so.1 (0xf76fc000)
>         libpam.so.0 => /lib/i386-linux-gnu/libpam.so.0 (0xf6a63000)
>         libldap-2.4.so.2 => /home/SYSROM_SRC/build/release/lib/libldap-
> 2.4.so.2 (0xf6a29000)
>         libssl.so.1.1 => /home/SYSROM_SRC/build/release/lib/libssl.so.1.1
> (0xf6990000)
>         libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0xf6972000)
>         libsqlite3.so.0 => /usr/lib/i386-linux-gnu/libsqlite3.so.0
> (0xf689c000)
>         libcrypto.so.1.1 =>
> /home/SYSROM_SRC/build/release/lib/libcrypto.so.1.1 (0xf65af000)
>         libk5crypto.so.3 => /usr/lib/i386-linux-gnu/libk5crypto.so.3
> (0xf657e000)
>         libresolv.so.2 => /lib/i386-linux-gnu/libresolv.so.2 (0xf6566000)
>         libext2fs.so.2 => /lib/i386-linux-gnu/libext2fs.so.2 (0xf6516000)
>         libuuid.so.1 => /lib/i386-linux-gnu/libuuid.so.1 (0xf6511000)
>         libdns.so.69 => /home/SYSROM_SRC/build/release/lib/libdns.so.69
> (0xf635c000)
>         libisc.so.62 => /home/SYSROM_SRC/build/release/lib/libisc.so.62
> (0xf62e7000)
>         librt.so.1 => /lib/i386-linux-gnu/librt.so.1 (0xf62de000)
>         libkrb5support.so.0 => /usr/lib/i386-linux-gnu/libkrb5support.so.0
> (0xf62d2000)
>         libkrb5.so.25 => /home/SYSROM_SRC/build/release/lib/libkrb5.so.25
> (0xf6259000)
>         libgssapi.so.2 => /home/SYSROM_SRC/build/release/lib/libgssapi.so.2
> (0xf6222000)
>         libCryptolib.so.0 =>
> /home/SYSROM_SRC/build/release/lib/libCryptolib.so.0 (0xf6191000)
>         libimf.so => /mfp/lib/libimf.so (0xf5dd8000)
>         libirng.so => /usr/lib/libirng.so (0xf5c6e000)
>         libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xf5c1a000)
>         libcilkrts.so.5 => /usr/lib/libcilkrts.so.5 (0xf5bec000)
>         libstdc++.so.6 => /usr/lib/i386-linux-gnu/libstdc++.so.6 (0xf5afd000)
>         libsvml.so => /mfp/lib/libsvml.so (0xf4bbf000)
>         libgcc_s.so.1 => /lib/i386-linux-gnu/libgcc_s.so.1 (0xf4bab000)
>         libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xf4ba6000)
>         libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xf49e4000)
>         liblber-2.4.so.2 => /home/SYSROM_SRC/build/release/lib/liblber-
> 2.4.so.2 (0xf49d9000)
>         libsasl2.so.3 => /home/SYSROM_SRC/build/release/lib/libsasl2.so.3
> (0xf49a4000)
>         /lib/i386-linux-gnu/ld-linux.so.2 (0xf76fd000)
>         libkeyutils.so.1 => /lib/i386-linux-gnu/libkeyutils.so.1 (0xf49a0000)
>         libcom_err.so.2 => /lib/i386-linux-gnu/libcom_err.so.2 (0xf499b000)
>         libgssapi_krb5.so.2 => /usr/lib/i386-linux-gnu/libgssapi_krb5.so.2
> (0xf494c000)
>         libcom_err.so.1 => /home/SYSROM_SRC/build/release/lib/libcom_err.so.1
> (0xf4948000)
>         libcrypto.so.1.0.0 => /usr/lib/i386-linux-gnu/libcrypto.so.1.0.0
> (0xf476b000)

So either the application program depends on libcrypto.so.1.0.0, or one of the preceding libraries does. Some path through the dependency graph leads to libcrypto.so.1.0.0.

>From the readelf output below, we see it's not the application program - that only depends on libcrypto.so.1.1. So it's one of the preceding libraries. There's a good chance it's one that comes from the OS library collection rather than a library you've built (though that's by no means certain), so let's focus on ones that aren't under /home/SYSROM_SRC.

Kerberos seems like a candidate, but a quick ldd on libk5crypto and libkrb5support doesn't show any libcrypto dependency. The same is true of libgssapi_krb5. Neither does libkeyutils.

OpenLDAP (libldap) is generally built using NSS rather than OpenSSL, so it doesn't usually link libcrypto.

None of the other OS libraries above look particularly likely to use libcrypto. So I'd suggest you use ldd on each of the libraries listed above to find out which is giving you the dependency on libcrypto.so.1.0.0. Or use LD_DEBUG to generate a loader report for your application, and work backward from that.

Writing a script to use readelf to generate a dependency graph report showing the path for each dependency is left as an exercise for the reader.

--
Michael Wojcik
Distinguished Engineer, Micro Focus





More information about the openssl-users mailing list