How to compile OpenSSL 1.0.x with versioned symbols ?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to compile OpenSSL 1.0.x with versioned symbols ?

pratyush parimal
Hi all,

Are people familiar with how to get symbols versioned with versions
like "OPENSSL_1.0.x" in the libcrypto.so after compiling it
yourselves?

I have an application which was compiled and dynamically linked
against OpenSSL 1.0.2k on a CentOS 6.7 machine. I'm trying to run it
on a system where I've built and installed OpenSSL 1.0.2k myself. For
compilation, I followed the instructions on the wiki page:
https://wiki.openssl.org/index.php/Compilation_and_Installation? ,
i.e. I did:
./Configure ...
make depend
make
make install

Problem is, on execution my application complains that: "OPENSSL_1.0.2
not found". Performing "objdump -T" on the OpenSSL 1.0.2k libcrypto.so
on the CentOS machine, I see some symbols versioned with the version
number "OPENSSL_1.0.2" within the library. But these seem to be
missing in the libcrypto.so which I built using the instructions
above. Any idea how to get those symbols in ? Or how to get around
this issue?

Digging deeper I noticed that OpenSSL 1.1.0h (for example) does not
have this problem. In fact, as part of the build process, it seems to
generate two map files: ssl.map and crypto.map, which get passed as
--version-script=ssl.map and --version-script=crypto.map sometime to
the compiler. I also noticed that in that version of OpenSSL, there's
a script called util/mkdef.pl which generates those map files.

OpenSSL 1.0.2k for example, does not seem to generate those map files
as part of the build process. Any idea how to generate them? I saw an
example of how CentOS seems to be putting versioned symbols in using a
patch (https://git.centos.org/blob/rpms!openssl.git/5fee79a733e7bcfa468ae8f400bad40a1002c8c5/SOURCES!openssl-1.0.1e-version.patch),
but if someone could explain how to do that for any OpenSSL version,
it would be very helpful.

Thanks in advance!
Pratyush.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: How to compile OpenSSL 1.0.x with versioned symbols ?

Matt Caswell-2


On 19/07/18 07:08, pratyush parimal wrote:
> Hi all,
>
> Are people familiar with how to get symbols versioned with versions
> like "OPENSSL_1.0.x" in the libcrypto.so after compiling it
> yourselves?

OpenSSL as sourced from the OpenSSL project does not support this in 1.0.x.

> Problem is, on execution my application complains that: "OPENSSL_1.0.2
> not found". Performing "objdump -T" on the OpenSSL 1.0.2k libcrypto.so
> on the CentOS machine, I see some symbols versioned with the version
> number "OPENSSL_1.0.2" within the library. But these seem to be
> missing in the libcrypto.so which I built using the instructions
> above. Any idea how to get those symbols in ? Or how to get around
> this issue?

Vendors often patch OpenSSL with their own system specific changes. I
know Debian did this to add symbol versioning for 1.0.x. It seems CentOS
does too.


> Digging deeper I noticed that OpenSSL 1.1.0h (for example) does not
> have this problem. In fact, as part of the build process, it seems to
> generate two map files: ssl.map and crypto.map, which get passed as
> --version-script=ssl.map and --version-script=crypto.map sometime to
> the compiler. I also noticed that in that version of OpenSSL, there's
> a script called util/mkdef.pl which generates those map files.

Yes, this was a new feature we added to 1.1.0.

>
> OpenSSL 1.0.2k for example, does not seem to generate those map files
> as part of the build process. Any idea how to generate them? I saw an
> example of how CentOS seems to be putting versioned symbols in using a
> patch (https://git.centos.org/blob/rpms!openssl.git/5fee79a733e7bcfa468ae8f400bad40a1002c8c5/SOURCES!openssl-1.0.1e-version.patch),
> but if someone could explain how to do that for any OpenSSL version,
> it would be very helpful.

You could try applying the CentOS patch to your own sources - but there
is no official way to do this. Alternatively you could try building from
the CentOS provided sources.

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users