Yes, there are two different libubsec.so libraries:
1) The one built in OpenSSL with "./config shared"; this
is the stub library that contains "bind_engine", etc.
2) The one provided by the Broadcom SDK; this is the actual
library that contains "ubsec_bits_to_bytes", etc.
If I put 1) in the "right" place (/usr/local/ssl/lib/engines), then
ENGINE_by_id ("ubsec") succeeds. If I remove it from that directory,
then ENGINE_by_id ("ubsec") fails.
So I put 1) in the "right" place. Then I load the "dynamic" engine:
Engine = ENGINE_by_id ("dynamic");
and give it the following commands:
Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH", "ubsec", 0);
Return = ENGINE_ctrl_cmd_string (Engine, "LOAD", NULL, 0);
Both succeed; it find the library in in /usr/local/ssl/lib/engines/,
which is the OpenSSL stub. But when I run:
Return = ENGINE_set_default (Engine, ENGINE_METHOD_ALL);
It fails, because it can't find the "ubsec_bits_to_bytes" symbol. So
it smells like it wants the Broadcom library in the "LOAD" command,
so I change that to:
Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH",
"/usr/lib/libubsec.so", 0);
Which is where the Broadcom library is. Now the "LOAD" command fails,
because it can't find the "bind_engine" symbol. So now it's looking
for the OpenSSL stub library there! So then I renamed the Broadcom
library to /usr/lib/bc.libubsec.so, and said:
Return = ENGINE_ctrl_cmd_string (Engine, "SO_PATH",
"/usr/lib/bc.libubsec.so", 0);
And I got the same error.
So how do I get around this problem of the OpenSSL stub and the Broadcom
library
having the same name? Where should I place each in order for them both
to be
loaded?
Thanks again.
-----Original Message-----
From: Geoff Thorpe [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 27, 2005 10:10 PM
To: [email protected]
Cc: Martin Del Vecchio
Subject: Re: Problem using Broadcom uBSec engine in 0.9.8
On October 27, 2005 02:47 pm, Martin Del Vecchio wrote:
> I get an error similar to what I was seeing before; it can't find the
> symbol
> 'ubsec_bytes_to_bits':
>
> error:2506406A:DSO support routines:DLFCN_BIND_FUNC:could not bind
> to the requested symbol name (dso_dlfcn.c:261)
> -> symname(ubsec_bytes_to_bits):
> /usr/local/ssl/lib/engines/libubsec.so: undefined symbol:
> ubsec_bytes_to_bits
OK, you need to know that the ubsec engine itself is a stub that uses a
broadcom-provided library to do the actual ubsec operations, the engine
merely slides functionality into openssl that is based on the the
broadcom SDK. I think what's happening is that you've got the engine
library loading *itself* rather than the broadcom support library. The
error you see is just the first symbol that the ubsec engine tries to
bind to - and of course none of the expected symbols exist because it's
not the broadcom library, it's the engine library. I don't have broadcom
hardware nor their SDK, libraries/drivers, etc, so you may need to dig
around to get to the bottom of this. But first off, figure out which
library is which :-) If the broadcom-provided lib is called libubsec.so,
that'd be an unfortunate name-conflict but it shouldn't be catastrophic,
because openssl doesn't look for engine libraries in arbitrary locations
(doing so would have unquantifiable security consequences) but in an
openssl-specific location. The ubsec engine, on the other hand, should
pick up the broadcom library using standard library locations - and this
is either missing or in a directory that isn't getting searched
(LD_LIBRARY_PATH might help here) - it seems you've "fixed" this problem
by moving/copying the engine library somewhere visible instead so that
it loads itself instead of the broadcom lib.
Hope that helps,
Geoff
--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/
Self-interest and materialistic desire are parts of who we are, but not
all. To base a social and economic system on these traits is dangerously
fundamentalist.
-- Joel Bakan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
