Hi, > When building an OpenSSL shared library on Solaris with FIPS support you get > a multiply defined symbol error: > > ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined: > (file /usr/local/ssl/fips-2.0/lib//fipscanister.o type=FUNC; file > libcrypto.a(sparcv9a-mont.o) type=FUNC); > ld: fatal: file processing errors. No output written to libcrypto.so.1.0.0 > make[4]: *** [link_a.solaris] Error 1 > > > This traces back to the fipssyms.h header file NOT defining bn_mul_mont_fpu > when building the fipscanister. NOTE: the bn_mul_mont_fpu function in the > SPARC assembly file (sparcv9a-mont.s) would also need to get redefined as > fips_bn_mul_mont.
Quoting RT#3713: "The reason for why the problem in question (and similar) slip through is that FIPS module validation procedure, exhausting as it is, does not involve linking with "big" OpenSSL. As result one risks to remain oblivious of them on rare platforms such as one in question till it becomes too late. But luckily enough one can modify "big" OpenSSL to accommodate such mishaps. Renaming symbols as general method or case-specific workarounds ... is the way to go." Once again, "renaming symbols" refers to renaming in "big" OpenSSL, not in FIPS source, which can't be modified at will. As for case-specific workarounds in this case adding '.weak $fname' right after '.global $fname' in sparcv9a-mont.pl in "big" OpenSSL should do the trick. Could you verify and report back? -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4300 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
