Generate shim `.so` to rename symbols of existing `.so`












0















I have an existing pre-built .so shared library (let's call it libjniopenssl.so). It was built by third party on Debian Linux with OpenSSL 1.0.1k-3+deb8u4.
I had to run libjniopenssl.so on CentOS with OpenSSL 1.0.2k package.
Despite the OpenSSL versions are slightly different the API used by libjniopenssl.so were not changed between 1.0.1k and 1.0.2k - so I expected them to be source and binary compatible for my scenario.
Unfortunately just running libjniopenssl.so on CentOS does not work.



The libjniopenssl.so is loaded by JVM via System.loadLibrary, but it fails with the following error when running on CentOS:



Unable to load libjniopenssl: java.lang.UnsatisfiedLinkError: /tmp/jna-112200956/jna6604950569974562639.tmp:

libcrypto.so.1.0.0: cannot open shared object file: No such file or directory


The reason is simple, there is no such file libcrypto.so.1.0.0 on CentOS, because OpenSSL 1.0.2k 16.el7 provides only following .so's:



$ ls -l /lib64/libcrypto*

lrwxrwxrwx. 1 root root      19 Jun  5  2018 /lib64/libcrypto.so.10 -> libcrypto.so.1.0.2k

-rwxr-xr-x. 1 root root 2512832 Apr 11  2018 /lib64/libcrypto.so.1.0.2k


For some reason CentOS package intentionally renamed .so file name from default libcrypto.so.1.0.0 to libcrypto.so.1.0.2k, even so when compiling that version from source it uses name libcrypto.so.1.0.0.



This error message suggested to try creating a symlink with name /lib64/libcrypto.so.1.0.0 which points to /lib64/libcrypto.so.1.0.2k



This resulted in the following error in run-time:



Unable to load libjniopenssl: java.lang.UnsatisfiedLinkError: /tmp/jna-112200956/jna2564265718506275007.tmp: 

/lib64/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /tmp/jna-112200956/jna2564265718506275007.tmp)


Inspecting libjniopenssl.so shown that there are following symbols referenced from OpenSSL:



$ readelf -Ws libjniopenssl.so



Symbol table '.dynsym' contains 40 entries:

Num:    Value          Size Type    Bind   Vis      Ndx Name

    0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND

    1: 0000000000000e98     0 SECTION LOCAL  DEFAULT    9

    2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__

    3: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses

    4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CIPHER_CTX_init@OPENSSL_1.0.0 (2)

    5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND malloc@GLIBC_2.2.5 (3)

    6: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND OPENSSL_add_all_algorithms_noconf@OPENSSL_1.0.0 (2)

    7: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_CTX_cleanup@OPENSSL_1.0.0 (2)

    8: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CipherUpdate@OPENSSL_1.0.0 (2)

    9: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTable

    10: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND ERR_load_crypto_strings@OPENSSL_1.0.0 (2)

    11: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND free@GLIBC_2.2.5 (3)

    12: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable

    13: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@GLIBC_2.2.5 (3)

    14: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_CTX_init@OPENSSL_1.0.0 (2)

    15: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Final@OPENSSL_1.0.0 (2)

    16: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_sha1@OPENSSL_1.0.0 (2)

    17: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Init_ex@OPENSSL_1.0.0 (2)

    18: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Update@OPENSSL_1.0.0 (2)

    19: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CIPHER_CTX_cleanup@OPENSSL_1.0.0 (2)

    20: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_MD_size@OPENSSL_1.0.0 (2)

    21: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_aes_128_ctr@OPENSSL_1.0.1 (4)


But the libcrypto.so.1.0.2k on CentOS has symbols which has different postfix, for example:



readelf -Ws /lib64/libcrypto.so.1.0.2k | grep -iE "EVP_CIPHER_CTX_init"

705: 000000000012a6b0   151 FUNC    GLOBAL DEFAULT   13 EVP_CIPHER_CTX_init@@libcrypto.so.10


So, on CentOS postfix is @@libcrypto.so.10, but libjniopenssl.so was linked against shared library which has symbols with postfix @OPENSSL_1.0.0. That's probably why just adding symlink does not work.



The further investigation shown that Debian version of OpenSSL 1.0.1k has included many patches, including one which adds symbol versioning. It was introduced only in OpenSSL 1.1.0, but was back ported by someone who is providing Debian package to 1.0.1.



In contrary CentOS OpenSSL 1.0.2k package does not include that patch for symbol versioning (but they include other patches from 1.1.0 according to symbols in .so).



I could re-build libjniopenssl.so on CentOS against it's copy of OpenSSL, but it actually involving maintaining (building, storing, deploying) own copy of libjniopenssl.so which actually comes from third-party git repository. I don't like rebuild solution, so I'm looking for more elegant one. But I have to say that re-building is what recommended on CentOS forum.



One solution I could think of is generation during build or deploy time a special shim libcrypto.so.1.0.0 (based on target system-provided copy of libcrypto) which has renamed symbols as desired by libjniopenssl.so, but under the hood it will translate all calls to the original system-provided libcrypto.so.1.0.2k.



In general I'm looking for some tool or set of tools which is capable of automatically generating such a "shim/adapter/proxy" .so out of specified "implementation" .so, but with ability to redefine some or all symbols.
I've found that there is objcopy tool which has --redefine-symbol old=new, but it doesn't exactly do what I want: I don't want to copy any code from original .so, I do want to translate calls to original "implementation" .so.



UPD: It is occurred by running local experiment that objcopy does not support renaming of symbols in dynamic library. The problem confirmed from this mail thread.



Summarizing, my questions are:




  1. Is there an existing util capable to generate such shared shim library for a specified .so file?

  2. Or maybe there is a better way to solve this incompatibility between CentOS and Debian OpenSSL packages, assuming I don't want to modify neither third-party provided libjniopenssl.so nor OS provided copy of OpenSSL?






java linux openssl centos debian







share|improve this question

























  • Debian's and CentOS's OpenSSL seem to be binary incompatible. Forcing linkage by renaming symbols can lead to run-time errors.

    – Vi.
    Jan 3 at 14:50
















0















I have an existing pre-built .so shared library (let's call it libjniopenssl.so). It was built by third party on Debian Linux with OpenSSL 1.0.1k-3+deb8u4.
I had to run libjniopenssl.so on CentOS with OpenSSL 1.0.2k package.
Despite the OpenSSL versions are slightly different the API used by libjniopenssl.so were not changed between 1.0.1k and 1.0.2k - so I expected them to be source and binary compatible for my scenario.
Unfortunately just running libjniopenssl.so on CentOS does not work.



The libjniopenssl.so is loaded by JVM via System.loadLibrary, but it fails with the following error when running on CentOS:



Unable to load libjniopenssl: java.lang.UnsatisfiedLinkError: /tmp/jna-112200956/jna6604950569974562639.tmp:

libcrypto.so.1.0.0: cannot open shared object file: No such file or directory


The reason is simple, there is no such file libcrypto.so.1.0.0 on CentOS, because OpenSSL 1.0.2k 16.el7 provides only following .so's:



$ ls -l /lib64/libcrypto*

lrwxrwxrwx. 1 root root      19 Jun  5  2018 /lib64/libcrypto.so.10 -> libcrypto.so.1.0.2k

-rwxr-xr-x. 1 root root 2512832 Apr 11  2018 /lib64/libcrypto.so.1.0.2k


For some reason CentOS package intentionally renamed .so file name from default libcrypto.so.1.0.0 to libcrypto.so.1.0.2k, even so when compiling that version from source it uses name libcrypto.so.1.0.0.



This error message suggested to try creating a symlink with name /lib64/libcrypto.so.1.0.0 which points to /lib64/libcrypto.so.1.0.2k



This resulted in the following error in run-time:



Unable to load libjniopenssl: java.lang.UnsatisfiedLinkError: /tmp/jna-112200956/jna2564265718506275007.tmp: 

/lib64/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /tmp/jna-112200956/jna2564265718506275007.tmp)


Inspecting libjniopenssl.so shown that there are following symbols referenced from OpenSSL:



$ readelf -Ws libjniopenssl.so



Symbol table '.dynsym' contains 40 entries:

Num:    Value          Size Type    Bind   Vis      Ndx Name

    0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND

    1: 0000000000000e98     0 SECTION LOCAL  DEFAULT    9

    2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__

    3: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses

    4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CIPHER_CTX_init@OPENSSL_1.0.0 (2)

    5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND malloc@GLIBC_2.2.5 (3)

    6: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND OPENSSL_add_all_algorithms_noconf@OPENSSL_1.0.0 (2)

    7: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_CTX_cleanup@OPENSSL_1.0.0 (2)

    8: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CipherUpdate@OPENSSL_1.0.0 (2)

    9: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTable

    10: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND ERR_load_crypto_strings@OPENSSL_1.0.0 (2)

    11: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND free@GLIBC_2.2.5 (3)

    12: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable

    13: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@GLIBC_2.2.5 (3)

    14: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_CTX_init@OPENSSL_1.0.0 (2)

    15: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Final@OPENSSL_1.0.0 (2)

    16: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_sha1@OPENSSL_1.0.0 (2)

    17: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Init_ex@OPENSSL_1.0.0 (2)

    18: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Update@OPENSSL_1.0.0 (2)

    19: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CIPHER_CTX_cleanup@OPENSSL_1.0.0 (2)

    20: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_MD_size@OPENSSL_1.0.0 (2)

    21: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_aes_128_ctr@OPENSSL_1.0.1 (4)


But the libcrypto.so.1.0.2k on CentOS has symbols which has different postfix, for example:



readelf -Ws /lib64/libcrypto.so.1.0.2k | grep -iE "EVP_CIPHER_CTX_init"

705: 000000000012a6b0   151 FUNC    GLOBAL DEFAULT   13 EVP_CIPHER_CTX_init@@libcrypto.so.10


So, on CentOS postfix is @@libcrypto.so.10, but libjniopenssl.so was linked against shared library which has symbols with postfix @OPENSSL_1.0.0. That's probably why just adding symlink does not work.



The further investigation shown that Debian version of OpenSSL 1.0.1k has included many patches, including one which adds symbol versioning. It was introduced only in OpenSSL 1.1.0, but was back ported by someone who is providing Debian package to 1.0.1.



In contrary CentOS OpenSSL 1.0.2k package does not include that patch for symbol versioning (but they include other patches from 1.1.0 according to symbols in .so).



I could re-build libjniopenssl.so on CentOS against it's copy of OpenSSL, but it actually involving maintaining (building, storing, deploying) own copy of libjniopenssl.so which actually comes from third-party git repository. I don't like rebuild solution, so I'm looking for more elegant one. But I have to say that re-building is what recommended on CentOS forum.



One solution I could think of is generation during build or deploy time a special shim libcrypto.so.1.0.0 (based on target system-provided copy of libcrypto) which has renamed symbols as desired by libjniopenssl.so, but under the hood it will translate all calls to the original system-provided libcrypto.so.1.0.2k.



In general I'm looking for some tool or set of tools which is capable of automatically generating such a "shim/adapter/proxy" .so out of specified "implementation" .so, but with ability to redefine some or all symbols.
I've found that there is objcopy tool which has --redefine-symbol old=new, but it doesn't exactly do what I want: I don't want to copy any code from original .so, I do want to translate calls to original "implementation" .so.



UPD: It is occurred by running local experiment that objcopy does not support renaming of symbols in dynamic library. The problem confirmed from this mail thread.



Summarizing, my questions are:




  1. Is there an existing util capable to generate such shared shim library for a specified .so file?

  2. Or maybe there is a better way to solve this incompatibility between CentOS and Debian OpenSSL packages, assuming I don't want to modify neither third-party provided libjniopenssl.so nor OS provided copy of OpenSSL?






java linux openssl centos debian







share|improve this question

























  • Debian's and CentOS's OpenSSL seem to be binary incompatible. Forcing linkage by renaming symbols can lead to run-time errors.

    – Vi.
    Jan 3 at 14:50














0












0








0








I have an existing pre-built .so shared library (let's call it libjniopenssl.so). It was built by third party on Debian Linux with OpenSSL 1.0.1k-3+deb8u4.
I had to run libjniopenssl.so on CentOS with OpenSSL 1.0.2k package.
Despite the OpenSSL versions are slightly different the API used by libjniopenssl.so were not changed between 1.0.1k and 1.0.2k - so I expected them to be source and binary compatible for my scenario.
Unfortunately just running libjniopenssl.so on CentOS does not work.



The libjniopenssl.so is loaded by JVM via System.loadLibrary, but it fails with the following error when running on CentOS:



Unable to load libjniopenssl: java.lang.UnsatisfiedLinkError: /tmp/jna-112200956/jna6604950569974562639.tmp:

libcrypto.so.1.0.0: cannot open shared object file: No such file or directory


The reason is simple, there is no such file libcrypto.so.1.0.0 on CentOS, because OpenSSL 1.0.2k 16.el7 provides only following .so's:



$ ls -l /lib64/libcrypto*

lrwxrwxrwx. 1 root root      19 Jun  5  2018 /lib64/libcrypto.so.10 -> libcrypto.so.1.0.2k

-rwxr-xr-x. 1 root root 2512832 Apr 11  2018 /lib64/libcrypto.so.1.0.2k


For some reason CentOS package intentionally renamed .so file name from default libcrypto.so.1.0.0 to libcrypto.so.1.0.2k, even so when compiling that version from source it uses name libcrypto.so.1.0.0.



This error message suggested to try creating a symlink with name /lib64/libcrypto.so.1.0.0 which points to /lib64/libcrypto.so.1.0.2k



This resulted in the following error in run-time:



Unable to load libjniopenssl: java.lang.UnsatisfiedLinkError: /tmp/jna-112200956/jna2564265718506275007.tmp: 

/lib64/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /tmp/jna-112200956/jna2564265718506275007.tmp)


Inspecting libjniopenssl.so shown that there are following symbols referenced from OpenSSL:



$ readelf -Ws libjniopenssl.so



Symbol table '.dynsym' contains 40 entries:

Num:    Value          Size Type    Bind   Vis      Ndx Name

    0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND

    1: 0000000000000e98     0 SECTION LOCAL  DEFAULT    9

    2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__

    3: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses

    4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CIPHER_CTX_init@OPENSSL_1.0.0 (2)

    5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND malloc@GLIBC_2.2.5 (3)

    6: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND OPENSSL_add_all_algorithms_noconf@OPENSSL_1.0.0 (2)

    7: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_CTX_cleanup@OPENSSL_1.0.0 (2)

    8: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CipherUpdate@OPENSSL_1.0.0 (2)

    9: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTable

    10: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND ERR_load_crypto_strings@OPENSSL_1.0.0 (2)

    11: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND free@GLIBC_2.2.5 (3)

    12: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable

    13: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@GLIBC_2.2.5 (3)

    14: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_CTX_init@OPENSSL_1.0.0 (2)

    15: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Final@OPENSSL_1.0.0 (2)

    16: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_sha1@OPENSSL_1.0.0 (2)

    17: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Init_ex@OPENSSL_1.0.0 (2)

    18: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Update@OPENSSL_1.0.0 (2)

    19: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CIPHER_CTX_cleanup@OPENSSL_1.0.0 (2)

    20: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_MD_size@OPENSSL_1.0.0 (2)

    21: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_aes_128_ctr@OPENSSL_1.0.1 (4)


But the libcrypto.so.1.0.2k on CentOS has symbols which has different postfix, for example:



readelf -Ws /lib64/libcrypto.so.1.0.2k | grep -iE "EVP_CIPHER_CTX_init"

705: 000000000012a6b0   151 FUNC    GLOBAL DEFAULT   13 EVP_CIPHER_CTX_init@@libcrypto.so.10


So, on CentOS postfix is @@libcrypto.so.10, but libjniopenssl.so was linked against shared library which has symbols with postfix @OPENSSL_1.0.0. That's probably why just adding symlink does not work.



The further investigation shown that Debian version of OpenSSL 1.0.1k has included many patches, including one which adds symbol versioning. It was introduced only in OpenSSL 1.1.0, but was back ported by someone who is providing Debian package to 1.0.1.



In contrary CentOS OpenSSL 1.0.2k package does not include that patch for symbol versioning (but they include other patches from 1.1.0 according to symbols in .so).



I could re-build libjniopenssl.so on CentOS against it's copy of OpenSSL, but it actually involving maintaining (building, storing, deploying) own copy of libjniopenssl.so which actually comes from third-party git repository. I don't like rebuild solution, so I'm looking for more elegant one. But I have to say that re-building is what recommended on CentOS forum.



One solution I could think of is generation during build or deploy time a special shim libcrypto.so.1.0.0 (based on target system-provided copy of libcrypto) which has renamed symbols as desired by libjniopenssl.so, but under the hood it will translate all calls to the original system-provided libcrypto.so.1.0.2k.



In general I'm looking for some tool or set of tools which is capable of automatically generating such a "shim/adapter/proxy" .so out of specified "implementation" .so, but with ability to redefine some or all symbols.
I've found that there is objcopy tool which has --redefine-symbol old=new, but it doesn't exactly do what I want: I don't want to copy any code from original .so, I do want to translate calls to original "implementation" .so.



UPD: It is occurred by running local experiment that objcopy does not support renaming of symbols in dynamic library. The problem confirmed from this mail thread.



Summarizing, my questions are:




  1. Is there an existing util capable to generate such shared shim library for a specified .so file?

  2. Or maybe there is a better way to solve this incompatibility between CentOS and Debian OpenSSL packages, assuming I don't want to modify neither third-party provided libjniopenssl.so nor OS provided copy of OpenSSL?






java linux openssl centos debian







share|improve this question
















I have an existing pre-built .so shared library (let's call it libjniopenssl.so). It was built by third party on Debian Linux with OpenSSL 1.0.1k-3+deb8u4.
I had to run libjniopenssl.so on CentOS with OpenSSL 1.0.2k package.
Despite the OpenSSL versions are slightly different the API used by libjniopenssl.so were not changed between 1.0.1k and 1.0.2k - so I expected them to be source and binary compatible for my scenario.
Unfortunately just running libjniopenssl.so on CentOS does not work.



The libjniopenssl.so is loaded by JVM via System.loadLibrary, but it fails with the following error when running on CentOS:



Unable to load libjniopenssl: java.lang.UnsatisfiedLinkError: /tmp/jna-112200956/jna6604950569974562639.tmp:

libcrypto.so.1.0.0: cannot open shared object file: No such file or directory


The reason is simple, there is no such file libcrypto.so.1.0.0 on CentOS, because OpenSSL 1.0.2k 16.el7 provides only following .so's:



$ ls -l /lib64/libcrypto*

lrwxrwxrwx. 1 root root      19 Jun  5  2018 /lib64/libcrypto.so.10 -> libcrypto.so.1.0.2k

-rwxr-xr-x. 1 root root 2512832 Apr 11  2018 /lib64/libcrypto.so.1.0.2k


For some reason CentOS package intentionally renamed .so file name from default libcrypto.so.1.0.0 to libcrypto.so.1.0.2k, even so when compiling that version from source it uses name libcrypto.so.1.0.0.



This error message suggested to try creating a symlink with name /lib64/libcrypto.so.1.0.0 which points to /lib64/libcrypto.so.1.0.2k



This resulted in the following error in run-time:



Unable to load libjniopenssl: java.lang.UnsatisfiedLinkError: /tmp/jna-112200956/jna2564265718506275007.tmp: 

/lib64/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /tmp/jna-112200956/jna2564265718506275007.tmp)


Inspecting libjniopenssl.so shown that there are following symbols referenced from OpenSSL:



$ readelf -Ws libjniopenssl.so



Symbol table '.dynsym' contains 40 entries:

Num:    Value          Size Type    Bind   Vis      Ndx Name

    0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND

    1: 0000000000000e98     0 SECTION LOCAL  DEFAULT    9

    2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__

    3: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses

    4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CIPHER_CTX_init@OPENSSL_1.0.0 (2)

    5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND malloc@GLIBC_2.2.5 (3)

    6: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND OPENSSL_add_all_algorithms_noconf@OPENSSL_1.0.0 (2)

    7: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_CTX_cleanup@OPENSSL_1.0.0 (2)

    8: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CipherUpdate@OPENSSL_1.0.0 (2)

    9: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTable

    10: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND ERR_load_crypto_strings@OPENSSL_1.0.0 (2)

    11: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND free@GLIBC_2.2.5 (3)

    12: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable

    13: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@GLIBC_2.2.5 (3)

    14: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_CTX_init@OPENSSL_1.0.0 (2)

    15: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Final@OPENSSL_1.0.0 (2)

    16: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_sha1@OPENSSL_1.0.0 (2)

    17: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Init_ex@OPENSSL_1.0.0 (2)

    18: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND HMAC_Update@OPENSSL_1.0.0 (2)

    19: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_CIPHER_CTX_cleanup@OPENSSL_1.0.0 (2)

    20: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_MD_size@OPENSSL_1.0.0 (2)

    21: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND EVP_aes_128_ctr@OPENSSL_1.0.1 (4)


But the libcrypto.so.1.0.2k on CentOS has symbols which has different postfix, for example:



readelf -Ws /lib64/libcrypto.so.1.0.2k | grep -iE "EVP_CIPHER_CTX_init"

705: 000000000012a6b0   151 FUNC    GLOBAL DEFAULT   13 EVP_CIPHER_CTX_init@@libcrypto.so.10


So, on CentOS postfix is @@libcrypto.so.10, but libjniopenssl.so was linked against shared library which has symbols with postfix @OPENSSL_1.0.0. That's probably why just adding symlink does not work.



The further investigation shown that Debian version of OpenSSL 1.0.1k has included many patches, including one which adds symbol versioning. It was introduced only in OpenSSL 1.1.0, but was back ported by someone who is providing Debian package to 1.0.1.



In contrary CentOS OpenSSL 1.0.2k package does not include that patch for symbol versioning (but they include other patches from 1.1.0 according to symbols in .so).



I could re-build libjniopenssl.so on CentOS against it's copy of OpenSSL, but it actually involving maintaining (building, storing, deploying) own copy of libjniopenssl.so which actually comes from third-party git repository. I don't like rebuild solution, so I'm looking for more elegant one. But I have to say that re-building is what recommended on CentOS forum.



One solution I could think of is generation during build or deploy time a special shim libcrypto.so.1.0.0 (based on target system-provided copy of libcrypto) which has renamed symbols as desired by libjniopenssl.so, but under the hood it will translate all calls to the original system-provided libcrypto.so.1.0.2k.



In general I'm looking for some tool or set of tools which is capable of automatically generating such a "shim/adapter/proxy" .so out of specified "implementation" .so, but with ability to redefine some or all symbols.
I've found that there is objcopy tool which has --redefine-symbol old=new, but it doesn't exactly do what I want: I don't want to copy any code from original .so, I do want to translate calls to original "implementation" .so.



UPD: It is occurred by running local experiment that objcopy does not support renaming of symbols in dynamic library. The problem confirmed from this mail thread.



Summarizing, my questions are:




  1. Is there an existing util capable to generate such shared shim library for a specified .so file?

  2. Or maybe there is a better way to solve this incompatibility between CentOS and Debian OpenSSL packages, assuming I don't want to modify neither third-party provided libjniopenssl.so nor OS provided copy of OpenSSL?






java linux openssl centos debian




java linux openssl centos debian






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 3 at 11:35







mstyura

















asked Jan 3 at 10:14









mstyuramstyura

416




416













  • Debian's and CentOS's OpenSSL seem to be binary incompatible. Forcing linkage by renaming symbols can lead to run-time errors.

    – Vi.
    Jan 3 at 14:50



















  • Debian's and CentOS's OpenSSL seem to be binary incompatible. Forcing linkage by renaming symbols can lead to run-time errors.

    – Vi.
    Jan 3 at 14:50

















Debian's and CentOS's OpenSSL seem to be binary incompatible. Forcing linkage by renaming symbols can lead to run-time errors.

– Vi.
Jan 3 at 14:50





Debian's and CentOS's OpenSSL seem to be binary incompatible. Forcing linkage by renaming symbols can lead to run-time errors.

– Vi.
Jan 3 at 14:50












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54020210%2fgenerate-shim-so-to-rename-symbols-of-existing-so%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54020210%2fgenerate-shim-so-to-rename-symbols-of-existing-so%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Monofisismo

Image
Monofisismo (do grego: monos - "único, singular" e physis - "natureza") é o ponto de vista cristológico que defende que, depois da união do divino e do humano na encarnação histórica, Jesus Cristo, como encarnação do Filho ou Verbo ( Logos ) de Deus, teria apenas uma única "natureza", a divina, e não uma síntese de ambas. O monofisismo é contraposto pelo diofisismo (ou "diafisismo"), que defende que Jesus preservou em si as duas naturezas. Historicamente, o monofisismo se refere primordialmente à posição dos que (especialmente no Egito e, em menor grau, na Síria) rejeitaram as decisões do Concílio de Calcedônia em 451 (o quarto concílio ecumênico). Os membros mais moderados entre eles, porém, defendem a teologia "miafisita", que se tornou a oficial para as Igrejas Ortodoxas Orientais. Muitos ortodoxos orientais, porém, rejeitam essa classificação, mesmo como um termo genérico, mas ele é amplamente utilizado na literatura históri...
Read more

Angular Downloading a file using contenturl with Basic Authentication

Image
0 I have a contentUrl when user clicks on that,file should be downloaded. If I try to browse the contentUrl in the browser it asks for Userid and password.I believe this is Basic Authentication.I dont want user to enter UserId and Password so I am passing it Authorization(Please see below code). Url looks some thing like this: http://XXX.XXX.XX.XXX:8080/flowable-rest/service/runtime/tasks/90875/attachments/90555/content let username : string = 'admin'; let pwd : string = 'test'; let headers = new Headers(); headers.set('Accept', 'text/json'); headers.append('Content-Type', 'application/json'); headers.set('Access-Control-Allow-Origin', '*'); headers.set('Access-Control-Allow-Methods','POST, GET, OPTIONS, PUT, DELETE'); head...
Read more

Olmecas

Image
Monumento 1, uma das quatro cabeças colossais encontradas em La Venta, com altura aproximada de 3 metros Olmecas é a designação do povo e da civilização que estiveram na origem da antiga cultura pré-colombiana da Mesoamérica e que se desenvolveram nas regiões tropicais do centro-sul do atual México durante o pré-clássico, próximo de onde hoje estão localizados os estados mexicanos de Veracruz e Tabasco, no Istmo de Tehuantepec, numa zona designada área nuclear olmeca. A cultura olmeca floresceu nesta região aproximadamente entre 1500 e 400 a.C., [ 1 ] e crê-se que tenha sido a civilização-mãe de todas as civilizações mesoamericanas que se desenvolveram posteriormente. [ 2 ] No entanto, desconhece-se a sua exacta filiação étnica, ainda que existam numerosas hipóteses colocadas para tentar resolver esta questão. O etnónimo olmeca foi cunhado pelos arqueólogos do século XX, e não devem confundir-se com os muito posteriores olmecas-xicalancas que ocuparam vários locais do México...
Read more