[Pkg-openssl-devel] Bug#431918: Bug#431918: openssl: multiple causes for libssl0.9.8 - unable to load crypto engines
Kurt Roeckx
kurt at roeckx.be
Tue Dec 22 17:48:30 UTC 2009
On Tue, Dec 22, 2009 at 11:02:52AM +0100, Carsten Wolff wrote:
> Package: openssl
> Version: 0.9.8k-7
> Severity: normal
>
> I think there are multiple causes for this bug.
>
> 1) If I use the package from squeeze with the above mentioned version and try
> to use the padlock engine, openssl tries to load a shared object for this
> engine, even though "padlock" is a builtin, static engine:
>
> root at gateway:~# openssl speed -evp aes-256-ecb -engine padlock
> invalid engine "padlock"
> 2852:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(/usr/lib/ssl/engines/libpadlock.so): /usr/lib/ssl/engines/libpadlock.so: cannot open shared object file: No such file or directory
> 2852:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
> 2852:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
> 2852:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:415:id=padlock
> 2852:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(libpadlock.so): libpadlock.so: cannot open shared object file: No such file or directory
> 2852:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
> 2852:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
Since like you say there is no shared lib for it, this is normal.
> 2) If I follow the hints from http://www.logix.cz/michal/devel/padlock/#openssl098-static
> and add patches to above package to make a shared libpadlock.so, the problem changes to
> the one, Bastian reported. The error changes to the same
> "DLFCN_BIND_FUNC:could not bind to the requested symbol name:dso_dlfcn.c:261:symname(bind_engine)"
Does the resulting shared object actually have an bind_engine
symbol in it? Try using objdump -T libpadlock.so to see if it
has any. Looking at the sources, only the capi and gmp engine
seem to have that.
Note that I can not reproduce any of this since I don't have any
hardware for it. The only thing I could use would be the gmp
one, which now does:
11654:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:521:
11654:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:415:id=gmp
11654:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(libgmp.so): libgmp.so: cannot open shared object file: No such file or directory
11654:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
11654:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
Doing md2 for 3s on 16 size blocks: 164541 md2's in 2.35s
[...]
It looks to me like all the (shared) engines are broken.
Also see http://bugs.debian.org/368476, which also points to the same
patches.
I believe that openssl should always use the padlock engine
on such CPUs, but since I don't have any, I can't test this.
Also see http://bugs.deiban.org/502177 and
http://bugs.debian.org/556968
Kurt
More information about the Pkg-openssl-devel
mailing list