I'm mailing this to <openssl-dev>, not to <rt>, because it's not related to original report.
>>> Most importantly, FIPS canister built with ASM also fails as it >>> contains aes-x86_64.o and x86_64cpuid.o. The only way to build >>> usable FIPS canister is building it without ASM, i.e., "./config >>> fipscanisterbuild no-asm && make". >> I can't confirm this. I.e. if I './config fipscanisterbuild' on >> FreeBSD 8.2, it builds without errors. As mentioned above, because >> even on FreeBSD pristine openssl tar-ball passes -Bsymbolic to >> linker. Or do you mean you get failure later on, when you link with >> fipscanister.o with own link rules? BTW, linking fipscanister.o with >> -Bsymbolic is also *more than appropriate*, because it assures that >> execution flow is contained within the module. > > For fipscanister.o and stuff, it builds fine without a complaint but > it crashes later on, i.e., when .init section is executed. Care to provide more details? Specific steps to reproduce the problem. Or stack back-trace. The thing is that new validation is coming up and it makes sense to double-check all problems found in previous code. > Please > note we are not supposed to link fipscanister.o directly but fipsld > must be used, instead of cc/ld. If "-Bsymbolic" was absolutely > required for FIPS-capable binary build, it had to be passed down from > fipsld, IMHO. Point taken. A. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
