Hi Everyone,
I tried to build a FIPS capable OpenSSL Ubuntu package (using the Ubuntu
12.04 debian build scripts).
The Ubuntu package uses Configure for configuring the source tree with the
following parameters:
*ARCH_CONFARGS := enable-ec_nistp_64_gcc_128CONFARGS = --prefix=/usr
--openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) fips no-idea
no-mdc2 no-rc5 zlib enable-tlsext no-ssl2 $(ARCH_CONFARGS)*
I ran into the following errors near the end of the build:
*shlib_target=; if [ -n "libcrypto.so.1.0.0 libssl.so.1.0.0" ]; then \
shlib_target="linux-shared"; \ elif [ -n "libcrypto" ]; then \
FIPSLD_CC="gcc"; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC
FIPSLD_CC; \ fi; \ LIBRARIES="-L.. -lssl -L.. -lcrypto" ; \ make
-f ../Makefile.shared -e \ APPNAME=openssl OBJECTS="openssl.o
verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o
errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o
ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o
s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o
nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o
rand.o engine.o ocsp.o prime.o ts.o srp.o" \ LIBDEPS=" $LIBRARIES
-ldl -lz" \ link_app.${shlib_target}make[3]: Entering directory
`/home/precise/amd64/openssl/openssl-1.0.1/apps'speed.o: In function
`speed_main':/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1219:
undefined reference to
`private_DES_set_key_unchecked'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1220:
undefined reference to
`private_DES_set_key_unchecked'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1221:
undefined reference to
`private_DES_set_key_unchecked'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1224:
undefined reference to
`private_AES_set_encrypt_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1225:
undefined reference to
`private_AES_set_encrypt_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1226:
undefined reference to
`private_AES_set_encrypt_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1229:
undefined reference to
`private_Camellia_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1230:
undefined reference to
`private_Camellia_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1231:
undefined reference to
`private_Camellia_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1237:
undefined reference to
`private_SEED_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1240:
undefined reference to
`private_RC4_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1243:
undefined reference to
`private_RC2_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1249:
undefined reference to
`private_BF_set_key'/home/precise/amd64/openssl/openssl-1.0.1/apps/speed.c:1252:
undefined reference to `private_CAST_set_key'collect2: ld returned 1 exit
status*
By comparing with the build from the stock tarball, I noticed that the
above symbols were shown as local (t) in libcrypto.so, while they're shown
as global (T) in the libcrypto.so which was built from the stock openssl
tarball. I found that if I add the above symbols to the openssl.ld file,
then the build went through without problems.
My questions are:
1. How was the openssl.ld file generated?
2. Is it an ok solution to add the above symbols to openssl.ld?
3. How to control the symbols visibility in the Makefile so that these
symbols will be exposed as global in the libcrypto.so?
--
Thanks,
Rich
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160212/4b054574/attachment.html>
