cst-3.3.1 back_end-hsm linker error

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

cst-3.3.1 back_end-hsm linker error

Jump to solution
6,202 Views
cheuschkel
Contributor III

I am receiving the following error when following directions to build the back end HSM source code from the recently released NXP CST 3.3.1 package (note in the directory listing that I had copied in the libfrontend.a which was built successfully):

 

osboxes@osboxes:~/cst-3.3.1/code/back_end-hsm/src$ make clean
$ARCH is []
rm -f backend.o config.o e_hsm.o e_hsm_err.o openssl_helper.o *~ core tags *.bak Makefile.bak libbackend.*
osboxes@osboxes:~/cst-3.3.1/code/back_end-hsm/src$ ls -al
total 680
drwxr-xr-x 3 osboxes osboxes   4096 Sep 20 22:46 .
drwxr-xr-x 4 osboxes osboxes   4096 Aug 14 08:53 ..
-rwxr-xr-x 1 osboxes osboxes  38775 Aug 14 08:56 backend.c
-rwxr-xr-x 1 osboxes osboxes   3874 Aug 14 08:56 config.c
-rwxr-xr-x 1 osboxes osboxes  51093 Aug 14 08:56 e_hsm.c
-rwxr-xr-x 1 osboxes osboxes   8670 Aug 14 08:56 e_hsm_err.c
drwxr-xr-x 2 osboxes osboxes   4096 Aug 14 08:53 include
-rwxr-xr-x 1 osboxes osboxes  96914 Sep 20 22:46 lib
-rw-rw-r-- 1 osboxes osboxes 437150 Sep 20 13:25 libfrontend.a
-rwxr-xr-x 1 osboxes osboxes   1937 Sep 20 22:22 Makefile
-rw-r--r-- 1 osboxes osboxes  12288 Sep 20 22:22 .Makefile.swp
-rwxr-xr-x 1 osboxes osboxes   4197 Aug 14 08:56 openssl_helper.c
-rw------- 1 osboxes osboxes  12288 Sep 20 21:34 .swp
osboxes@osboxes:~/cst-3.3.1/code/back_end-hsm/src$ make 
$ARCH is []
[Compile] backend.c
[Compile] config.c
[Compile] e_hsm.c
[Compile] e_hsm_err.c
[Compile] openssl_helper.c
[Link (Static) libbackend]
osboxes@osboxes:~/cst-3.3.1/code/back_end-hsm/src$ make all
$ARCH is []
gcc   -std=c99  -D_POSIX_C_SOURCE=200809L -Wall -Werror -g -Wall -o cst  libfrontend.a libbackend.a -L./lib  -I/../openssl/include -mno-ms-bitfields -L/../openssl/lib -lssl -lcrypto -ldl -lpthread -lconfig -fno-builtin -fno-strict-aliasing -fno-common -DREMOVE_ENCRYPTION -Wl,--allow-multiple-definition
/usr/bin/ld: libfrontend.a(csf_cmd_ins_key.o): in function `cmd_handler_installcsfk':
/home/osboxes/cst-3.3.1/code/cst/code/obj.linux64/../../code/front_end/src/csf_cmd_ins_key.c:741: undefined reference to `get_der_encoded_certificate_data'
/usr/bin/ld: libfrontend.a(csf_cmd_ins_key.o): in function `cmd_handler_installnocak':
/home/osboxes/cst-3.3.1/code/cst/code/obj.linux64/../../code/front_end/src/csf_cmd_ins_key.c:847: undefined reference to `get_der_encoded_certificate_data'
/usr/bin/ld: libfrontend.a(csf_cmd_ins_key.o): in function `cmd_handler_installkey':
/home/osboxes/cst-3.3.1/code/cst/code/obj.linux64/../../code/front_end/src/csf_cmd_ins_key.c:992: undefined reference to `get_der_encoded_certificate_data'
collect2: error: ld returned 1 exit status
make: *** [Makefile:77: all] Error 1

 

  

I'm not sure how get_der_encoded_certificate_data is supposed to be linked in in the first place. In the back_end-engine source, this function exists in backend.c, but in back_end-hsm backend.c, it does not. Can you please tell me if I'm missing a step?

0 Kudos
1 Solution
6,003 Views
cheuschkel
Contributor III

In addition to your recommendations, I also had to add the following files to back_end-hsm/src (and associated header files for each source file to back_end-hsm/src/include) and the local copies to the back_end-hsm/Makefile:

cst/code/back_end/src/adapt_layer_openssl.c

cst/code/back_end/src/pkey.c

After that, I was able to clean, re-run make, and run make all and build successfully. The cst executable now works, but I cannot yet attest to it working with my HSM as I'd expect. I suppose that means this can be closed since I solved the original linker problem. Thanks for all of the help.

View solution in original post

23 Replies
3,714 Views
YairBA
Contributor II
 
942 Views
cheuschkel
Contributor III

Thanks! I also have a Nitrokey HSM so this is promising. My end goal is to use a cloud-based HSM, which I did get working with the CST after the modifications in this post for CST v3.3.1 on Ubuntu 16.04 (OpenSSL v1.0.2g), but then I was having issues with mkimage. So I will now try your suggested changes to get this all working on a newer distro.

Regards,

Cory

1,101 Views
cheuschkel
Contributor III

I tried your suggestions but still ended up with the aforementioned engine error. So, in the makefile I went in and edited the CST Makefile to remove the `no-engine` call from OPENSSL_CONFIG. Then running `make all` for the back-end_hsm again, I end up pretty much back at square one.

 

 

 

I guess now I'm at a point where OpenSSL is again causing problems. I've been working to just try to get an answer from NXP on what OpenSSL and Linux distributions should be used. I am using VMs, so really I am flexible on what to use. But I have yet to find a straight answer on suggesting a distro and OpenSSL version. If you can also provide that information @YairBA, it would be appreciated.

EDIT: I think that this was due to the custom install of OpenSSL v1.0.2. I'm going to move forward with just using Ubuntu v16.04 which includes the system-level 1.0.2g.

0 Kudos