openssl v3.0.2 is not work with dynamic engine libengine-gost-openssl1.1

Bug #2039142 reported by Youriy

This bug report was marked for expiration 223 days ago. (find out why)

6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Incomplete
Undecided
Unassigned

Bug Description

Hello

We use from a source code the gost engine for a check certificates chains. But openssl the version 3.0.2 is not correct load dynamic engines. openssl return error "40D7F65B7F7F0000:error:1280006A:DSO support routines:dlfcn_bind_func:could not bind to the requested symbol name:../crypto/dso/dso_dlfcn.c:188:symname(EVP_PKEY_base_id): /usr/lib/x86_64-linux-gnu/engines-3/gost.so: undefined symbol: EVP_PKEY_base_id".

We checked openssl the version 3.0.1, and 3.0.3, and 3.1.3 with the same engine. It work.

In the openssl it fixed, but in the version >=3.0.3.
Thanks

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: openssl 3.0.2-0ubuntu1.10
ProcVersionSignature: Ubuntu 6.2.0-34.34~22.04.1-generic 6.2.16
Uname: Linux 6.2.0-34-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu Oct 12 09:44:36 2023
InstallationDate: Installed on 2023-01-13 (271 days ago)
InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Youriy (atribolt) wrote :
Revision history for this message
Adrien Nader (adrien-n) wrote :

Hi,

I have not been able to reproduce your issue. Since you did not provide the exact command you've used, I did a different test that relies on the engine. I did the following (lots of trial and error):

* git clone https://github.com/gost-engine/engine
* mkdir build
* cd build
* cmake -DOPENSSL_ENGINES_DIR=/usr/lib/x86_64-linux-gnu/engines-3/ ..
* make install # install paths are pretty inconsistent and there's no way to uninstall but I'm going to throw away my test container
* vim example.conf
* change dynamic_path to "dynamic_path = /usr/lib/x86_64-linux-gnu/engines-3/gost.so"
* OPENSSL_CONF=$(pwd)/example.conf openssl dgst -md_gost94 README.md

I'm also a bit surprised by your error.

The only recent commit I've found that touches EVP_PKEY_base_id reads the following:

> if the newly loaded engine contains the symbol
> EVP_PKEY_base_id, we know it is linked to 1.1.x openssl.
> Abort loading this engine, as it will definitely crash.

As far as I understand it, the only use for this symbol is to detect that there's a version mismatch. Are you sure you don't have both in your path? Moreover I didn't notice a change related to that between 3.0.2 and 3.0.3.

Also, there is still libengine-gost-openssl1.1 in the archive for jammy (it's removed now). I tried with it too and it worked even though the gost.so is installed directly in / rather than in /usr/lib/<arch>/engines .

I would need a reproducer to investigate further.

Adrien Nader (adrien-n)
Changed in openssl (Ubuntu):
status: New → Incomplete
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.