On Tue, Dec 22, 2009 at 11:02:52AM +0100, Carsten Wolff wrote: > Package: openssl > Version: 0.9.8k-7 > Severity: normal > > I think there are multiple causes for this bug. > > 1) If I use the package from squeeze with the above mentioned version and try > to use the padlock engine, openssl tries to load a shared object for this > engine, even though "padlock" is a builtin, static engine: > > r...@gateway:~# openssl speed -evp aes-256-ecb -engine padlock > invalid engine "padlock" > 2852:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared > library:dso_dlfcn.c:162:filename(/usr/lib/ssl/engines/libpadlock.so): > /usr/lib/ssl/engines/libpadlock.so: cannot open shared object file: No such > file or directory > 2852:error:25070067:DSO support routines:DSO_load:could not load the shared > library:dso_lib.c:244: > 2852:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: > 2852:error:2606A074:engine routines:ENGINE_by_id:no such > engine:eng_list.c:415:id=padlock > 2852:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared > library:dso_dlfcn.c:162:filename(libpadlock.so): libpadlock.so: cannot open > shared object file: No such file or directory > 2852:error:25070067:DSO support routines:DSO_load:could not load the shared > library:dso_lib.c:244: > 2852:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
Since like you say there is no shared lib for it, this is normal. > 2) If I follow the hints from > http://www.logix.cz/michal/devel/padlock/#openssl098-static > and add patches to above package to make a shared libpadlock.so, the > problem changes to > the one, Bastian reported. The error changes to the same > "DLFCN_BIND_FUNC:could not bind to the requested symbol > name:dso_dlfcn.c:261:symname(bind_engine)" Does the resulting shared object actually have an bind_engine symbol in it? Try using objdump -T libpadlock.so to see if it has any. Looking at the sources, only the capi and gmp engine seem to have that. Note that I can not reproduce any of this since I don't have any hardware for it. The only thing I could use would be the gmp one, which now does: 11654:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:521: 11654:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:415:id=gmp 11654:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:162:filename(libgmp.so): libgmp.so: cannot open shared object file: No such file or directory 11654:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244: 11654:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450: Doing md2 for 3s on 16 size blocks: 164541 md2's in 2.35s [...] It looks to me like all the (shared) engines are broken. Also see http://bugs.debian.org/368476, which also points to the same patches. I believe that openssl should always use the padlock engine on such CPUs, but since I don't have any, I can't test this. Also see http://bugs.deiban.org/502177 and http://bugs.debian.org/556968 Kurt -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
