Hi Everyone, I tried to build a FIPS capable OpenSSL Ubuntu package (using the Ubuntu 12.04 debian build scripts). The Ubuntu package uses Configure for configuring the source tree with the following parameters: *ARCH_CONFARGS := enable-ec_nistp_64_gcc_128CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) fips no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2 $(ARCH_CONFARGS)* I ran into the following errors near the end of the build: *shlib_target=; if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then \ shlib_target="linux-shared"; \ elif [ -n "libcrypto" ]; then \ FIPSLD_CC="gcc"; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC FIPSLD_CC; \ fi; \ LIBRARIES="-L.. -lssl -L.. -lcrypto" ; \ make -f ../Makefile.shared -e \ APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o" \ LIBDEPS=" $LIBRARIES -ldl -lz" \ link_app.${shlib_target}make[3]: Entering directory `/home/precise/amd64/openssl/openssl-1.0.1/apps'speed.o: In function `speed_main':/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1219: undefined reference to `private_DES_set_key_unchecked'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1220: undefined reference to `private_DES_set_key_unchecked'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1221: undefined reference to `private_DES_set_key_unchecked'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1224: undefined reference to `private_AES_set_encrypt_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1225: undefined reference to `private_AES_set_encrypt_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1226: undefined reference to `private_AES_set_encrypt_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1229: undefined reference to `private_Camellia_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1230: undefined reference to `private_Camellia_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1231: undefined reference to `private_Camellia_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1237: undefined reference to `private_SEED_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1240: undefined reference to `private_RC4_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1243: undefined reference to `private_RC2_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1249: undefined reference to `private_BF_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1252: undefined reference to `private_CAST_set_key'collect2: ld returned 1 exit status* By comparing with the build from the stock tarball, I noticed that the above symbols were shown as local (t) in libcrypto.so, while they're shown as global (T) in the libcrypto.so which was built from the stock openssl tarball. I found that if I add the above symbols to the openssl.ld file, then the build went through without problems. My questions are: 1. How was the openssl.ld file generated? 2. Is it an ok solution to add the above symbols to openssl.ld? 3. How to control the symbols visibility in the Makefile so that these symbols will be exposed as global in the libcrypto.so? -- Thanks, Rich -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160212/4b054574/attachment.html>