Hi All,

I am trying to build a shared object which would use the FIPS canister with
the libcrypto static library.

Platform - Linux (SUSE)
Architecture - x86_64

These are the steps that I did

openssl-fips-2.0.5
1> ./config fipscanisterbuild
2> make
3> make install

The above steps result in
1> /usr/local/ssl/fips-2.0/lib -> fipscanister.o  fipscanister.o.sha1  fips_premain.c  fips_premain.c.sha1
2> /usr/local/ssl/fips-2.0/bin -> fipsld  fips_standalone_sha1

openssl-1.0.1f
1> ./config fips -d no-shared -fPIC
2> make depend
3> make
4> make install

The above steps result in among other things
1> /usr/local/ssl/lib -> libcrypto.a libssl.a

Now to use the static version of libcrypto, I have followed the steps listed
in User Guide 2.0
export CC=/usr/local/ssl/fips-2.0/bin/fipsld
export FIPSLD_CC=gcc

When I invoke the linking process, I see that fipsld is trying to load the
shared object being created. The shared object prints debug messages to the
console on load and somehow they are being passed to gcc. Also, I see errors
being reported from fips_premain.c. If I directly link fipscanister.o to my
shared object and then run incore, I get the error that the shared object
passed to incore is not cross-compiler aware, although I get the hash printed
on the console when I use the dso option with incore. The compilation and
error messages are as below:

Compiling: readkmo.cpp
/usr/local/ssl/fips-2.0/bin/fipsld  -c -v -Wall -Werror -fPIC -errwarn=%all
-o ../obj/linux_x64/debug/readkmo.o  -g -D DEBUG  -I ../inc -I
/usr/local/ssl/include  ../src/readkmo.cpp 2>./readkmo.o_err
1>./readkmo.o_err

Linking: ../obj/linux_x64/debug/libxyz.so
/usr/local/ssl/fips-2.0/bin/fipsld -fPIC --shared -Wl,-init=_attach
-Wl,-fini=_detach -o ../obj/linux_x64/debug/xyz.so  
../obj/linux_x64/debug/readkmo.o  -Wl,--whole-archive
/usr/local/ssl/lib/libssl.a  -Wl,--no-whole-archive
/usr/local/ssl/lib/libcrypto.a 2>./libxyz.so_err 1>./libxyz.so_err
make: *** [../obj/linux_x64/debug/libxyz.so] Error 1
============= ERROR FILE: libxyz.so_err ==================
gcc: Failed: No such file or directory
gcc: to: No such file or directory
gcc: open: No such file or directory
gcc: log: No such file or directory
gcc: file: No such file or directory
gcc: for: No such file or directory
gcc: xyz: No such file or directory
gcc: 13: No such file or directory

gcc: 542c6482d71dbae65dc87d46ade8a13bfaeae0a6": No such file or directory
gcc: unrecognized option '-2123296768'
gcc: -E or -x required when input is from standard input
gcc: -E or -x required when input is from standard input
/usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c:82: error: missing
terminating " character
/usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c:82: error: expected
expression before ‘;’ token
/usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c: In function
‘FINGERPRINT_premain’:
/usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c:103: warning: comparison
between pointer and integer

I have been looking around the forum for manually performing the steps
without use of fipsld but could not make much progress. A couple of questions
that I have:

1> When fipsld is trying to load the shared object being created, why are
the debug messages printed passed to gcc? How do I overcome this?
2> If 1 is not feasible, then how do I manually go about embedding the
canister with the hash into my shared object?

I have tried using the dynamic version of FIPS capable openssl libraries and
they work correctly in FIPS mode with my shared object but I need to use the
static library.

Thanks,
Abhishek




--
View this message in context: 
http://openssl.6102.n7.nabble.com/FIPS-build-of-static-libcrypto-for-a-shard-object-tp48751.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
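
The gcc errors in the post above (one "No such file" per word of a debug message, then the digest with a trailing quote) are what happens when text printed at load time is captured together with the fingerprint and expanded unquoted onto a compiler command line. The sketch below is an added example, not part of the original post and not fipsld's own code; run_premain, the EXAMPLE_SIG macro name and the debug line are constructed stand-ins, and the digest is the one shown in the error file.

```shell
#!/bin/sh
# Constructed stand-in for the step that loads the freshly linked object and
# prints its fingerprint. The object's init routine writes debug text to the
# same stdout, so both end up in the captured value.
run_premain() {
    echo 'Failed to open log file for xyz 13'          # constructed debug line
    echo '542c6482d71dbae65dc87d46ade8a13bfaeae0a6'    # digest from the log above
}

# Report how many argv words a compiler would receive.
count_args() { echo $#; }

# Naive capture: all of stdout becomes the "signature" and is expanded
# unquoted, so every whitespace-separated word is a separate argument.
naive_argc() {
    SIG=$(run_premain)
    count_args -DEXAMPLE_SIG=\"${SIG}\"    # EXAMPLE_SIG is a hypothetical macro
}

# Checked capture: keep only a line that is exactly 40 lowercase hex digits.
extract_sig() {
    run_premain | grep -E '^[0-9a-f]{40}$' | tail -n 1
}

# Refuse to build a command line unless a well-formed digest was found,
# then pass it as one quoted argument.
checked_argc() {
    SIG=$(extract_sig)
    [ ${#SIG} -eq 40 ] || { echo "no valid fingerprint in output" >&2; return 1; }
    count_args "-DEXAMPLE_SIG=\"${SIG}\""
}

echo "naive capture   -> $(naive_argc) compiler arguments"
echo "checked capture -> $(checked_argc) compiler argument, sig=$(extract_sig)"
```

If the capture works this way, sending the init routine's debug output to stderr (or disabling it for the link step) leaves stdout carrying only the digest.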
