libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Support for security such as Firewalls and securing linux
Post Reply
sam.gaid
Posts: 3
Joined: 2023/01/17 05:12:37

libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Post by sam.gaid » 2023/01/17 05:29:56

Hello,
I'm getting undefined symbol EVP_KDF_ctrl in /usr/lib64/libk5crypto.so.3.

symbol lookup error: /lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b (Error UID: 4357cd9c-7bac-4360-92c6-c939faedf248)

The server is on CentOS8.
Here is what I see on the server.
-----------------------------------------------------

Code: Select all

[root@server lib64]# ls -la libk5c*
lrwxrwxrwx. 1 root root    18 Nov 16 03:12 libk5crypto.so.3 -> libk5crypto.so.3.1
-rwxr-xr-x. 1 root root 96288 Nov 16 03:12 libk5crypto.so.3.1

[root@server lib64]# objdump -TC /usr/lib64/libk5crypto.so.3.1 | grep EVP_KDF
0000000000000000      DF *UND*  0000000000000000  OPENSSL_1_1_1b EVP_KDF_ctr
0000000000000000      DF *UND*  0000000000000000  OPENSSL_1_1_1b EVP_KDF_CTX_new_id
0000000000000000      DF *UND*  0000000000000000  OPENSSL_1_1_1b EVP_KDF_CTX_free
0000000000000000      DF *UND*  0000000000000000  OPENSSL_1_1_1b EVP_KDF_derive

[root@server lib64]# rpm -qf libk5crypto.so.3
krb5-libs-1.18.2-22.el8.x86_64

[root@server lib64]# rpm -q openssl
openssl-1.1.1k-7.el8.x86_64
-------------------------------------------------------------
I tried dnf reinstall krb5-libs but that did not solve the undefined symbol issue.
Any guidance is appreciated.
Thanks!

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Post by TrevorH » 2023/01/17 10:15:41

If this is CentOS Linux 8 then it died more than a year ago. If this is Stream then bad luck, this is the sort of thing that happens with a beta version, sorry. :-( In either case you are not up to date

Code: Select all

[root@rocky8 ~]# yum list krb5-libs openssl
Last metadata expiration check: 11:55:56 ago on Mon Jan 16 22:17:20 2023.
Installed Packages
krb5-libs.x86_64                                      1.18.2-22.el8_7                                       @baseos
openssl.x86_64                                        1:1.1.1k-7.el8_6                                      @baseos
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

sam.gaid
Posts: 3
Joined: 2023/01/17 05:12:37

Re: libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Post by sam.gaid » 2023/01/17 14:08:27

It sounds like this is CentOS 8 Stream.

Code: Select all

# yum list krb5-libs openssl
Updating Subscription Management repositories.
centos-8-stream-extras                           66 kB/s | 2.1 kB     00:00
8 Modular x86_64                                 81 kB/s | 2.5 kB     00:00
powertools                                       90 kB/s | 2.8 kB     00:00
baseos                                           78 kB/s | 2.4 kB     00:00
appstream                                        86 kB/s | 2.8 kB     00:00
epel                                             78 kB/s | 2.4 kB     00:00
Installed Packages
krb5-libs.i686          1.18.2-22.el8         @centos-8-stream_baseos
krb5-libs.x86_64        1.18.2-22.el8         @centos-8-stream_baseos
openssl.x86_64          1:1.1.1k-7.el8        @centos-8-stream_baseos
What would you suggest doing?

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Post by TrevorH » 2023/01/17 14:41:46

I'd suggest running away from Stream as fast as you can go. There was an important security update to krb5-libs for RHEL 8 and that was released for Rocky on 2022-11-28. The Stream 8 version appears to be dated 2022-11-23 and is the older non-patched version number. The RHEL 8 copy change log contains

Code: Select all

$ rpm -q --changelog  krb5-libs
* Tue Nov 08 2022 Julien Rische <jrische@redhat.com> - 1.
- Fix integer overflows in PAC parsing (CVE-2022-42898)
- Resolves: rhbz#2140967
I did check the changelog on the Stream 8 copy in the repos with the older version number and it does list that as fixed but the version number does not match the RHEL or Rocky one which makes it quite difficult to track what's on and what is not. Same story with the openssl package, also has a version number that does not match what's in RHEL or the clones though the rpm changelog looks the same. This version number thing is stupid as it means all the RHEL errata package lists are invalid for Stream 8.

Having said all that, I am not sure your error is due to this. It looks like perhaps you are running an app that is linked against a different version of that lib. Does it tell you what is looking in /usr/lib64/libk5crypto.so.3 for this symbol?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

sam.gaid
Posts: 3
Joined: 2023/01/17 05:12:37

Re: libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Post by sam.gaid » 2023/01/17 18:26:08

I tried the same APP on a server with CentOS 7 and it worked fine. It is the issue with CentOS 8 Stream :(

Thanks for your help and quick responses.

Post Reply