Re: Linker error building SW with OpenSSL 1.1.1W on RHEL8

On 12/29/23 22:56, Fox, Shawn D (US) via openssl-users wrote:
I have built openssl v1.1.1w from source on the RHEL8 OS using the GCC12 toolset.  The command to configure looks like this, and then gmake install was used to build and install.

./config --prefix=/data/${USER}/repos/tp/openssl-1.1.1w-install/release

/data/${USER}/repos/tp/openssl-1.1.1w is the directory containing the extracted source and configuration files.

So that worked fine and binaries were produced. However, when I try to build my own applications specifying /data/${USER}/repos/tp/openssl-1.1.1w-install/release/lib as the location of the libraries then I am seeing linker errors such as:

/opt/rh/gcc-toolset-12/root/usr/libexec/gcc/x86_64-redhat-linux/12/ld: /lib64/libk5crypto.so.3: undefined reference to `EVP_KDF_CTX_free@OPENSSL_1_1_1b'

That is because you successfully created a binary with the imports from your desired openssl. But since you linked it dynamically, your system used what is in the default library path, and /lib64/libk5crypto.so.3 is clearly an openssl 3 from your OS.

You can override the search at runtime by setting LD_LIBRARY_PATH to your library path, you can statically link, and to my knowledge there are ELF modifications that allow you to insert the path to a library into the binary, but I am not aware of the details (the keyword is RPATH).

Good luck,
Christian

So far web searches haven’t turned up much info that helps me, but one thread did indicate that the problem is due to using a downstream build of openssl on RHEL8, since Red Hat backports security fixes into an older version that they distribute.

I found some articles about libk5crypto, which seems to be something related to Kerberos.  I’ve no idea how that factors into my application build since I don’t believe it has a dependency on that.  However, I have noticed that my build of libcrypto has fewer symbols than the libcrypto installed on RHEL8.  Take a look at this.

objdump -TC /lib64/libcrypto.so |grep EVP_KDF

00000000001725d0 g    DF .text  00000000000000f0  OPENSSL_1_1_1b EVP_KDF_ctrl
00000000001726c0 g    DF .text  000000000000008e  OPENSSL_1_1_1b EVP_KDF_ctrl_str
0000000000172570 g    DF .text  0000000000000021  OPENSSL_1_1_1b EVP_KDF_reset
0000000000172750 g    DF .text  0000000000000030  OPENSSL_1_1_1b EVP_KDF_size
00000000001725a0 g    DF .text  0000000000000023  OPENSSL_1_1_1b EVP_KDF_vctrl
0000000000172450 g    DF .text  0000000000000111  OPENSSL_1_1_1b EVP_KDF_CTX_new_id
0000000000172410 g    DF .text  0000000000000031  OPENSSL_1_1_1b EVP_KDF_CTX_free
0000000000172780 g    DF .text  0000000000000023  OPENSSL_1_1_1b EVP_KDF_derive

/data/${USER}/repos/tp/openssl-1.1.1w-install/release/lib

objdump -TC libcrypto.so | grep EVP_KDF

<no symbols found>

I searched the CHANGE notes for SSL 1.1.1w and the INSTALL file for configure instructions but I do not see any reason why these symbols are not being produced in my build.  My guess is that during linking something must have a transitive dependency on libk5crypto which requires the symbols in question, which do not exist in my custom build of libcrypto.  How can I build libcrypto so that it has these EVP* symbols?

Thanks,

Shawn Fox
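
Added example, not part of the original thread: a shell script that automates the export-table comparison done above with objdump and grep, generalized to report every versioned symbol one libcrypto exports that another lacks. The function names and the custom-build listing are assumptions constructed for illustration; on a real host, feed it saved `objdump -T` output from both libraries.

```shell
#!/bin/sh
# Compare the dynamic export tables of two libcrypto builds.
# Inputs are saved listings, e.g.: objdump -T /lib64/libcrypto.so > system.txt

# exported_syms FILE: print "name@version" for every defined dynamic symbol.
exported_syms() {
    awk '
        /\*UND\*/ { next }                      # imports, not exports
        NF >= 6 && $1 ~ /^[0-9a-fA-F]+$/ {
            ver = (NF >= 7) ? $(NF-1) : "unversioned"
            gsub(/[()]/, "", ver)               # non-default versions are shown in parens
            print $NF "@" ver
        }' "$1" | LC_ALL=C sort -u
}

# missing_syms REFERENCE CANDIDATE: exports of REFERENCE that CANDIDATE lacks.
missing_syms() {
    ref=$(mktemp) cand=$(mktemp)
    exported_syms "$1" > "$ref"
    exported_syms "$2" > "$cand"
    LC_ALL=C comm -23 "$ref" "$cand"
    rm -f "$ref" "$cand"
}

# demo: run the comparison on small embedded listings.
demo() {
    dir=$(mktemp -d)
    # Two lines from the /lib64 listing in the post, plus one constructed common symbol.
    cat > "$dir/system.txt" <<'EOF'
0000000000172410 g    DF .text  0000000000000031  OPENSSL_1_1_1b EVP_KDF_CTX_free
0000000000172780 g    DF .text  0000000000000023  OPENSSL_1_1_1b EVP_KDF_derive
0000000000171000 g    DF .text  0000000000000040  OPENSSL_1_1_0 EVP_PKEY_derive
EOF
    # Constructed stand-in for the self-built library: no EVP_KDF_* exports.
    cat > "$dir/custom.txt" <<'EOF'
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 free
0000000000169000 g    DF .text  0000000000000040  OPENSSL_1_1_0 EVP_PKEY_derive
EOF
    missing_syms "$dir/system.txt" "$dir/custom.txt"
    rm -rf "$dir"
}

demo
```

Any symbol this prints is one that a system library linked against the distribution's libcrypto may require and that the other build cannot satisfy.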




