Thank you very much! How did you come to this solution?
--
View this message in context:
http://old.nabble.com/Cannot-build-shared-library-on-Linux-with-FIPS-capable-OpenSSL-tp29946444p34510054.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Hello,
The problem is resolved with the linker option, -Wl,-Bsymbolic, when
building the library.
Here are the details:
On 32-bit Ubuntu 8.04, here is how to build a dynamic library that
statically links with the FIPS-capable crypto library from OpenSSL.
===> cmd.cpp
#include
#include
int
m
On Wed, Oct 13, 2010 at 1:21 PM, Bill Durant wrote:
Here is the result with fipsld in debug mode:
[snip]
$ ldd foobar
linux-gate.so.1 => (0x003ab000)
--> libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x006e1000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00e8a000)
On Oct 13, 2010, at 11:30 AM, Michael S. Zick wrote:
On Wed October 13 2010, Bill wrote:
Hello Mike,
It is not a script:
===> Ubuntu 8.04
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu 8.04.4 LTS"
$ which gcc
/usr/bin/gcc
$ f
Here is the result with fipsld in debug mode:
$ make clean
rm -rf libfoo.so.1 foo.o cmd *.so foobar foobar2
$ make
gcc -c foo.cpp -fPIC -Wall -I./openssl-0.9.8o-fips/include -I.
rm -f libfoo.so
FIPSLIBDIR=openssl-0.9.8o-fips/lib FIPSLD_CC=gcc ./openssl-0.9.8o-fips/
bin/fipsld -shared -Wl,-sona
On Oct 13, 2010, at 11:27 AM, Dr. Stephen Henson wrote:
On Wed, Oct 13, 2010, Bill wrote:
Hi Steve,
Thank you for the suggestion but It did not help:
$ make
gcc -c foo.cpp -fPIC -Wall -I./openssl-0.9.8o-fips/include -I.
rm -f libfoo.so
FIPSLD_CC=gcc ./openssl-0.9.8o-fips/bin/fipsld -shared
-W
On Wed October 13 2010, Bill wrote:
> Hello Mike,
>
> It is not a script:
>
> ===> Ubuntu 8.04
>
> $ cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=8.04
> DISTRIB_CODENAME=hardy
> DISTRIB_DESCRIPTION="Ubuntu 8.04.4 LTS"
>
> $ which gcc
> /usr/bin/gcc
>
> $ file /usr/bin/gcc
> /usr/
On Wed, Oct 13, 2010, Bill wrote:
> Hi Steve,
>
> Thank you for the suggestion but It did not help:
>
> $ make
> gcc -c foo.cpp -fPIC -Wall -I./openssl-0.9.8o-fips/include -I.
> rm -f libfoo.so
> FIPSLD_CC=gcc ./openssl-0.9.8o-fips/bin/fipsld -shared
> -Wl,-soname,libfoo.so.1 \
> -
On Oct 13, 2010, at 9:47 AM, Dr. Stephen Henson wrote:
On Tue, Oct 12, 2010, Bill wrote:
Hello Steve,
Good eye! That got rid of the compilation error.
However, FIPS_mode_set(1) fails when it gets called from a "shared"
library
that links with the "static" version of the FIPS-capable OpenSS
Hello Mike,
It is not a script:
===> Ubuntu 8.04
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu 8.04.4 LTS"
$ which gcc
/usr/bin/gcc
$ file /usr/bin/gcc
/usr/bin/gcc: symbolic link to `gcc-4.2'
$ cd /usr/bin
$ file gcc-4.2
gc
On Tue, Oct 12, 2010, Bill wrote:
> Hello Steve,
>
> Good eye! That got rid of the compilation error.
>
> However, FIPS_mode_set(1) fails when it gets called from a "shared" library
> that links with the "static" version of the FIPS-capable OpenSSL library.
>
> Calling FIPS_mode_set(1) works fin
On Tue October 12 2010, Bill wrote:
> Hello Steve,
>
> Good eye! That got rid of the compilation error.
>
> However, FIPS_mode_set(1) fails when it gets called from a "shared"
> library that links with the "static" version of the FIPS-capable
> OpenSSL library.
>
> Calling FIPS_mode_set(1)
Hello Steve,
Good eye! That got rid of the compilation error.
However, FIPS_mode_set(1) fails when it gets called from a "shared"
library that links with the "static" version of the FIPS-capable
OpenSSL library.
Calling FIPS_mode_set(1) works fine when called directly from an
executable
On Tue, Oct 12, 2010, Bill wrote:
> Hello,
>
> I have followed the FIPS UserGuide 1.2 to build a FIPS object module and a
> FIPS capable OpenSSL.
>
> I used openssl-fips-1.2.tar.gz and openssl-0.9.8o.tar.gz to build these.
>
> On Ubuntu, when I try to build a shared library that links with the
>
Hello,
I found a workaround by linking with the FIPS capable "shared" library.
Please let know if any one has been successful in building a shared
library on linux that links with the FIPS capable "static" library.
Thanks,
Bill
On Oct 12, 2010, at 12:33 PM, Bill wrote:
Hello again,
Here
Hello again,
Here is a better example that shows the problem. I would appreciate
any clues on how to solve this.
$ cat foo.cpp
#include
#include
int
fips_check()
{
if (FIPS_mode_set(1) == 0) {
printf("Failed to enable FIPS mode\n");
} else {
16 matches
Mail list logo
