> On Mar 2, 2015, at 4:18 AM, Mrunal Nerpawar <p.mru...@gmail.com> wrote: > > Thanks Tom for the reply. > > I know I am replying really late, but the option you mentioned is tried but > is not working either. :( > > Anything else i can try?
Since I no longer have access to that compiler, and I don’t generally bother with FIPS 140 anymore, I can’t be sure, but I suspect the problem is described here: http://h21007.www2.hp.com/portal/download/files/prot/files/linker/onlinehelp/compileandlink.htm (see “Linker Thread-safe features”). Originally, I was thinking this was an actual link error, but now that I think about it, it’s probably coming from when fips_premain_dso is run to determine the signature to be embedded. And if that’s the case, you’re pretty much out of luck — there’s no way to modify fips_premain_dso to avoid the shl_load() call (not and still be following the security policy), and there’s no way to make shl_load() succeed. shl_load() simply doesn’t work with TLS. If you could somehow change your use of OpenSSL and the FIPS Object Module such that OpenSSL is linked statically into an executable (that is, a complete executable, not a shared library) then you could probably make it work. :( You can verify if that’s the case by adding more output to your fipsld script; I suspect you’ll see the failure from the line: SIG=`”${PREMAIN_DSO}” “${TARGET}”` There should be code in fipsld to error out if that failed, but perhaps that was disabled? Anyway, if the error is not from invoking fips_premain_dso, then something else is wrong, and I’d suggest opening a support case with HP. TOM > -Mrunal > > On Wed, Feb 25, 2015 at 8:31 AM, Tom Francis <thomas.francis...@pobox.com> > wrote: > Have you tried changing FIPSLD_CC and FIPSLD_LINK to include the necessary > options (e.g. -mt)? Note: it might be simpler to modify fipsld instead, > depending on how easy/hard it is to maintain spaces properly when settings > FIPSLD_CC and FIPSLD_LINK. Since the fipsld script is just a convenience > script to help you meet the requirements of the security policy, you’re free > to modify it. Just don’t modify it such that the security policy is no > longer followed. Generally speaking, adding more options to the compile and > link steps will be safe. > > TOM > > > On Feb 23, 2015, at 4:36 AM, Mrunal Nerpawar <p.mru...@gmail.com> wrote: > > > > Details > > ====== > > Fips 2.0.5 configured with no-asm and threads. > > Openssl 1.0.1H configured with shared, fips, threads no-asm (many alogos > > omitted) > > compiler - using aCC 6.25 on HPUX-IA64 11.23. > > > > bash-2.05$ aCC --version > > aCC: HP C/aC++ B3910B A.06.25.02 [Nov 25 2010] > > bash-2.05$ > > > > product linking with fipsld fails with error ... > > ================================= > > :DLFCN_LOAD:could not load the shared > > library:dso_dlfcn.c:187:filename(./objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0): > > Cannot dlopen load module '/usr/lib/hpux32/libpthread.so.1' because it > > contains thread specific data. > > > > Options tried > > ========== > > * Compiling Cxx sources with -mt. > > * Linking with -lpthread, > > * setting LD_PRELOAD. > > None worked effectively. with LD_PRELOAD option, ended up getting error - > > undefined symbol Ztil, etc. > > > > complete error is as follows. > > ===================== > > > > Building shared library > > objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0 > > FIPSLD_CC=aCC FIPSLD_LINK=aCC > > /unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/fipsld > > +Z -b -g -O2 -AA -Wl,+s +tls=dynamic -o > > objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0 > > objs/HP-UX-B.11.23-ia64-64/stdafx.o objs/HP-UX-B.11.23-ia64-64/UserUtil.o > > objs/HP-UX-B.11.23-ia64-64/LSSpawner.o > > objs/HP-UX-B.11.23-ia64-64/LSFilter.o > > objs/HP-UX-B.11.23-ia64-64/LSCmdOutputParser.o > > objs/HP-UX-B.11.23-ia64-64/LSBuilderAndProcessor.o > > objs/HP-UX-B.11.23-ia64-64/LSBuilderAndProcessor_1.o > > objs/HP-UX-B.11.23-ia64-64/LSBuilderAndProcessor_2.o > > objs/HP-UX-B.11.23-ia64-64/GroupUtil.o > > objs/HP-UX-B.11.23-ia64-64/ShadowHelper.o > > objs/HP-UX-B.11.23-ia64-64/BlockedFiles.o > > objs/HP-UX-B.11.23-ia64-64/NISUtil.o objs/HP-UX-B.11.23-ia64-64/Utilities.o > > objs/HP-UX-B.11.23-ia64-64/MachineUtil.o > > objs/HP-UX-B.11.23-ia64-64/BvNetworkInfo.o > > objs/HP-UX-B.11.23-ia64-64/NSSwitch.o > > objs/HP-UX-B.11.23-ia64-64/FileUtil_1.o > > objs/HP-UX-B.11.23-ia64-64/FileUtil_2.o > > objs/HP-UX-B.11.23-ia64-64/SecurityThreatCheck.o > > objs/HP-UX-B.11.23-ia64-64/UserEnumerator.o > > objs/HP-UX-B.11.23-ia64-64/LocalUserEnumerator.o > > objs/HP-UX-B.11.23-ia64-64/UnixUserEnumerator.o > > objs/HP-UX-B.11.23-ia64-64/WinUserEnumerator.o > > objs/HP-UX-B.11.23-ia64-64/GetEntHandler.o > > objs/HP-UX-B.11.23-ia64-64/UnixShadowReader.o > > objs/HP-UX-B.11.23-ia64-64/EtcShadowReader.o > > objs/HP-UX-B.11.23-ia64-64/UnixEtcShadowReader.o > > objs/HP-UX-B.11.23-ia64-64/AIXShadowHelper.o > > objs/HP-UX-B.11.23-ia64-64/HPLoginsShadowHelper.o > > objs/HP-UX-B.11.23-ia64-64/HPTcbShadowHelper.o > > objs/HP-UX-B.11.23-ia64-64/UnixHPShadowReader.o > > objs/HP-UX-B.11.23-ia64-64/ProcessUtil.o > > objs/HP-UX-B.11.23-ia64-64/FieldUtils.o > > objs/HP-UX-B.11.23-ia64-64/LoggedInUserInfo.o > > objs/HP-UX-B.11.23-ia64-64/TcpdRulesParser.o > > objs/HP-UX-B.11.23-ia64-64/DirectoryUtil.o > > objs/HP-UX-B.11.23-ia64-64/Timestamp.o > > objs/HP-UX-B.11.23-ia64-64/Timespan.o > > objs/HP-UX-B.11.23-ia64-64/NumberFormatter.o > > objs/HP-UX-B.11.23-ia64-64/DateTimeParser.o > > objs/HP-UX-B.11.23-ia64-64/DateTimeFormatter.o > > objs/HP-UX-B.11.23-ia64-64/DateTimeFormat.o > > objs/HP-UX-B.11.23-ia64-64/DateTime.o objs/HP-UX-B.11.23-ia64-64/Timezone.o > > objs/HP-UX-B.11.23-ia64-64/LocalDateTime.o > > objs/HP-UX-B.11.23-ia64-64/RFUtilities.o > > objs/HP-UX-B.11.23-ia64-64/OpenPortUtil.o > > objs/HP-UX-B.11.23-ia64-64/AIXStanzaReader.o > > objs/HP-UX-B.11.23-ia64-64/Bugcheck.o objs/HP-UX-B.11.23-ia64-64/DateTime.o > > objs/HP-UX-B.11.23-ia64-64/Debugger.o > > objs/HP-UX-B.11.23-ia64-64/Exception.o > > objs/HP-UX-B.11.23-ia64-64/GroupEnumerator.o > > objs/HP-UX-B.11.23-ia64-64/UnixGroupEnumerator.o > > objs/HP-UX-B.11.23-ia64-64/FileInfoFetcher.o > > objs/HP-UX-B.11.23-ia64-64/UnixFileInfoAccessor.o > > objs/HP-UX-B.11.23-ia64-64/FileStatSysCallProcessor.o > > objs/HP-UX-B.11.23-ia64-64/StatSysCallFileInfoFetcherImpl.o > > objs/HP-UX-B.11.23-ia64-64/FileInfoAccessor.o > > objs/HP-UX-B.11.23-ia64-64/FileProcessorObjectFactory.o > > objs/HP-UX-B.11.23-ia64-64/UUID.o objs/HP-UX-B.11.23-ia64-64/RandomStream.o > > objs/HP-UX-B.11.23-ia64-64/Random.o objs/HP-UX-B.11.23-ia64-64/SHA1Engine.o > > objs/HP-UX-B.11.23-ia64-64/DigestEngine.o > > objs/HP-UX-B.11.23-ia64-64/FileDescriptorUtil.o > > objs/HP-UX-B.11.23-ia64-64/PasswordInfo.o > > objs/HP-UX-B.11.23-ia64-64/DictionaryReader.o > > objs/HP-UX-B.11.23-ia64-64/PasswordCracker.o > > objs/HP-UX-B.11.23-ia64-64/md5crypt.o > > -L/unixhome/user/workspace/ontrolShared/UnixReusableClasses/lib/HP-UX-B.11.23-ia64-64 > > -lReCpp -lReCommon > > -L/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/lib -lcrypto > > -L/unixhome/user/workspace/product/lib/HP-UX-B.11.23-ia64-64 -lAgentCommon > > -lReCoreClasses -lCommonLib -lsec > > fipsld: > > THERE=/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/.. > > fipsld: TARGET=./objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0 > > fipsld: > > CANISTER_O=/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/../lib/fipscanister.o > > fipsld: > > PREMAIN_C=/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/../lib/fips_premain.c > > fipsld: PREMAIN_O=objs/HP-UX-B.11.23-ia64-64/fips_premain.o > > fipsld: FIPSLIBDIR= > > fipsld: FIPSLD_CC=aCC > > fipsld: FIPSLD_LINK=aCC > > fipsld: Linking shared library file. > > fipsld: Compiling > > "/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/../lib/fips_premain.c". > > fipsld: Linking "./objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0" > > with FIPS libaries. > > 2130621380:error:25066067:DSO support routines:DLFCN_LOAD:could not load > > the shared > > library:dso_dlfcn.c:187:filename(./objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0): > > Cannot dlopen load module '/usr/lib/hpux32/libpthread.so.1' because it > > contains thread specific data. > > 2130621380:error:25070067:DSO support routines:DSO_load:could not load the > > shared library:dso_lib.c:244: > > /unixhome/user/workspace/product/Packages/BuildScripts/Makefiles/Make.inc.shlib.rules:73: > > recipe for target 'objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0' > > failed > > gmake: *** [objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0] Error 1 > > bash-2.05$ > > > > > > We are running short of time. If anybody has any solutions/suggestions > > help, would be appreciated. > > > > Thanks in advance. > > > > Best regards, > > Mrunal > > _______________________________________________ > > openssl-users mailing list > > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
