I'm sure I'm doing something stupid. I'm trying to build a FIPS capable
OpenSSL on a run-of-the-mill Linux box. I build the FIPS canister and
untarred a fresh distribution of 'openssl-0.9.7l'. I configured it with
"./config fips no-rc5 no-idea" and it found the FIPS stuff. Then I did a
'make depend' and a 'make', and boom.
The errors are lots of undefined symbols. Code in both the FIPS canister
and the OpenSSL build is conflicting. For example:
../libcrypto.a(err.o):err.c:(.text+0xfa0): first defined here
../libcrypto.a(fipscanister.o): In function `ERR_load_PKCS12_strings':
(.text+0x245b0): multiple definition of `ERR_load_PKCS12_strings'
../libcrypto.a(pk12err.o):pk12err.c:(.text+0x0): first defined here
../libcrypto.a(fipscanister.o): In function `BIO_push':
(.text+0x8270): multiple definition of `BIO_push'
../libcrypto.a(bio_lib.o):bio_lib.c:(.text+0x2e0): first defined here
../libcrypto.a(fipscanister.o): In function `ERR_load_CONF_strings':
(.text+0x15f70): multiple definition of `ERR_load_CONF_strings'
../libcrypto.a(conf_err.o):conf_err.c:(.text+0x0): first defined here
../libcrypto.a(fipscanister.o): In function `BUF_strlcpy':
(.text+0x15be0): multiple definition of `BUF_strlcpy'
../libcrypto.a(buffer.o):buffer.c:(.text+0x0): first defined here
../libcrypto.a(fipscanister.o): In function `ERR_load_crypto_strings':
(.text+0x1b070): multiple definition of `ERR_load_crypto_strings'
../libcrypto.a(err_all.o):err_all.c:(.text+0x0): first defined here
There are many of these functions. All the sk_ functions, BN functions,
and
so on. Apparently, code that's in the FIPS canister is still getting built
in the regular OpenSSL build. I though selecting 'fips' in the config line
was supposed to shut that off.
What stupid thing am I doing wrong?
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
