[Bug 2039142] Re: openssl v3.0.2 is not work with dynamic engine libengine-gost-openssl1.1

Adrien Nader 2039142 at bugs.launchpad.net
Thu Oct 12 09:36:09 UTC 2023 

Hi,

I have not been able to reproduce your issue. Since you did not provide
the exact command you've used, I did a different test that relies on the
engine. I did the following (lots of trial and error):

* git clone https://github.com/gost-engine/engine
* mkdir build
* cd build
* cmake -DOPENSSL_ENGINES_DIR=/usr/lib/x86_64-linux-gnu/engines-3/  ..
* make install # install paths are pretty inconsistent and there's no way to uninstall but I'm going to throw away my test container
* vim example.conf
* change dynamic_path to "dynamic_path = /usr/lib/x86_64-linux-gnu/engines-3/gost.so"
* OPENSSL_CONF=$(pwd)/example.conf openssl dgst -md_gost94 README.md

I'm also a bit surprised by your error.

The only recent commit I've found that touches EVP_PKEY_base_id reads
the following:

> if the newly loaded engine contains the symbol
> EVP_PKEY_base_id, we know it is linked to 1.1.x openssl.
> Abort loading this engine, as it will definitely crash.

As far as I understand it, the only use for this symbol is to detect
that there's a version mismatch. Are you sure you don't have both in
your path? Moreover I didn't notice a change related to that between
3.0.2 and 3.0.3.

Also, there is still libengine-gost-openssl1.1 in the archive for jammy
(it's removed now). I tried with it too and it worked even though the
gost.so is installed directly in / rather than in
/usr/lib/<arch>/engines .

I would need a reproducer to investigate further.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2039142

Title:
  openssl v3.0.2 is not work with dynamic engine libengine-gost-
  openssl1.1

Status in openssl package in Ubuntu:
  New

Bug description:
  Hello

  We use from a source code the gost engine for a check certificates
  chains. But openssl the version 3.0.2 is not correct load dynamic
  engines. openssl return error "40D7F65B7F7F0000:error:1280006A:DSO
  support routines:dlfcn_bind_func:could not bind to the requested
  symbol name:../crypto/dso/dso_dlfcn.c:188:symname(EVP_PKEY_base_id):
  /usr/lib/x86_64-linux-gnu/engines-3/gost.so: undefined symbol:
  EVP_PKEY_base_id".

  We checked openssl the version 3.0.1, and 3.0.3, and 3.1.3 with the
  same engine. It work.

  In the openssl it fixed, but in the version >=3.0.3.
  Thanks

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: openssl 3.0.2-0ubuntu1.10
  ProcVersionSignature: Ubuntu 6.2.0-34.34~22.04.1-generic 6.2.16
  Uname: Linux 6.2.0-34-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Oct 12 09:44:36 2023
  InstallationDate: Installed on 2023-01-13 (271 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2039142/+subscriptions

More information about the foundations-bugs mailing list