Problem using fips_premain.c with Sun Studio 12

Thu, 28 May 2009 07:31:21 -0700 

We are encountering an error when trying to link openssl-fips using Sun
Studio. When we use C++ we are getting  

line 71: Error: Cannot use const char[41] to initialize const unsigned
char[40]

 

We also changed the fipsld script to compile fips_premain.c using the C
compiler, this results in some DSO errors.

 

Here is the change to fipsld:

 

#ORIGINAL

#${CC}  ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \

#       "${PREMAIN_C}" \

#       ${_WL_PREMAIN} "$@"

 

#MODIFIED TO USE cc

/opt/SUNWspro/bin/cc ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \

"${PREMAIN_C}" \

${_WL_PREMAIN} "$@"

 

 

The result:

 

 

(debug)TARGET = /apps/mombuild/oc/ OC_6.3.0/MOM_OC/lib/libbaselt630.so

(debug)FIPSLD PREMAIN_C =
/apps/fips_build3/openssl-fips-1.2/fips/fips_premain.c

(debug)generate signature target =
/apps/mombuild/oc/OC_6.3./MOM_OC/lib/libbaselt630.so

293:error:25066067:DSO support routines:DLFCN_LOAD:could not load the
shared library:dso_dlfcn.c:162:filename(/apps/mombuild/oc/
OC_6.3.0/MOM_OC/lib/libbaselt630.so): ld.so.1: fips_premain_dso: fatal:
relocation error: file /apps/mombuild/oc/
OC_6.3.0/MOM_OC/lib/libbaselt630.so: symbol __1cDstdJexceptionG__vtbl_:
referenced symbol not found

293:error:25070067:DSO support routines:DSO_load:could not load the
shared library:dso_lib.c:244:

 

I think the LD_LIBRARY_PATH has everything it would need here:

 

{/ apps/mombuild/oc/ OC_6.3.0/MOM_OC/baselt} $ echo $LD_LIBRARY_PATH

/usr/lib:/lib:/apps/fips_build3/openssl-fips-1.2/fips:/apps/fips_build3/
openssl-fips-1.2::/apps/mombuild/oc/
OC_6.3.0/MOM_OC/lib/:/apps/Tuxd10/lib:

 

 

 We also tried to put {} around the #defined string this results in a
fingerprint error. 

 

I have looked at several messages on the board that refer to this exact
problem

 

http://rt.openssl.org/Ticket/Display.html?id=1358&user=guest&pass=guest

http://www.mail-archive.com/openssl-users@openssl.org/msg45116.html

 

However we are currently not having any success implementing the
suggested workarounds.

 

Our linking command:

 

/apps/fips_build3/openssl-fips-1.2/fips/fipsld -G -o
/apps/mombuild/oc/OC_6.3.0/MOM_OC/lib/libbaselt630.so severity.o
tobjcllctn.o tobjntrfh.o sectknl.o opqbase.o opqcriticbase.o trnsexcpb.o
tranarg.o /apps/fips_build3/openssl-fips-1.2/fips/fipscanister.o
/apps/fips_build3/openssl-fips-1.2/libcrypto.so

 

 

Current FIPS build test does pass:

 

        FIPS-mode test application

 

1. Non-Approved cryptographic operation test...

        a. Included algorithm (D-H)...successful

ETCETERA...

All tests completed with 0 errors

 

Thanks

Greg

Reply via email to