awscrt python module throwing 'undefined symbol: EVP_aead_aes_128_gcm_tls13' error in ARM yocto

Question

I have a custom ARM gateway on which I am trying to run a greengrass v2 component. This requires python awsiotsdk. But when I import the awsiotsdk I am getting this error:

ImportError: /usr/lib/python3.7/site-packages/_awscrt.cpython-37m-arm-linux-gnueabi.so: undefined symbol: EVP_aead_aes_128_gcm_tls13

When I ran the same component in an x86 environment with the same awsiotsdk version, I did not get the error.

This is the difference I noticed:

ARM GATEWAY

bash-5.0# strings   /usr/lib/python3.7/site-packages/_awscrt.cpython-37m-arm-linux-gnueabi.so    | grep -i EVP_aead_aes_128_gcm_tls13
    EVP_aead_aes_128_gcm_tls13
    EVP_aead_aes_128_gcm_tls13
    EVP_aead_aes_128_gcm_tls13
    bash-5.0#

X86 LAPTOP

    bash-4.2# strings   /usr/local/lib64/python3.7/site-packages/_awscrt.cpython-37m-x86_64-linux-gnu.so    | grep -i EVP_aead_aes_128_gcm_tls13
    EVP_aead_aes_128_gcm_tls13
    EVP_aead_aes_128_gcm_tls13_storage
    EVP_aead_aes_128_gcm_tls13_once_bss_get
    EVP_aead_aes_128_gcm_tls13_storage_bss_get
    EVP_aead_aes_128_gcm_tls13_do_init
    EVP_aead_aes_128_gcm_tls13_init
    EVP_aead_aes_128_gcm_tls13_once
    EVP_aead_aes_128_gcm_tls13_init
    EVP_aead_aes_128_gcm_tls13_storage
    EVP_aead_aes_128_gcm_tls13_once
    EVP_aead_aes_128_gcm_tls13
    bash-4.2#

Btw the awscrt module in the gateway was compiled during the "pip install" step. So I thought maybe it has to do with openssl? Maybe the gateway does not not support TLS1.3. But it looks like the gateway does support TLS1.3 .

bash-5.0# openssl version
OpenSSL 1.1.1g  21 Apr 2020
bash-5.0#

How to resolve this?

`EVP_aead_aes_128_gcm_tls13` looks like an OpenSSL thing but actually isn't. OpenSSL defines numerous `EVP_*` functions but this one does not exist. Some google searching suggests this might be a BoringSSL thing instead (BoringSSL is a fork of OpenSSL) — Matt Caswell, Sep 22 '22 at 15:36
Thats very strange. It doesnt look lile awscrt code references EVP_aead_aes_128_gcm_tls13. Maybe this dependency is introduced during build on the Gateway. Not sure how to confirm. Dont think yocto OS has boringssl — Kiran G, Sep 22 '22 at 15:44

score 0 · Answer 1 · answered Sep 23 '22 at 05:23

I could confirm that symbols like "EVP_aead_aes_128_gcm_tls13" is part of the "awscrt" python module and they are taken from boringssl project.

In my case somehow the "setup.py" build from inside the gateway failed to include this functionality. But when I built awscrt with the yocto cross-toolchain in my laptop, it worked.

awscrt python module throwing 'undefined symbol: EVP_aead_aes_128_gcm_tls13' error in ARM yocto

1 Answers1