Hello,
I have followed the FIPS UserGuide 1.2 to build a FIPS object module
and a FIPS capable OpenSSL.
I used openssl-fips-1.2.tar.gz and openssl-0.9.8o.tar.gz to build these.
On Ubuntu, when I try to build a shared library that links with the
FIPS-capable OpenSSL static library, I get the following link error:
$ make
FIPSLD_CC=gcc ./openssl-0.9.8o-fips/bin/fipsld -shared -W1,-
soname,libfoo.so.1 \
-o libfoo.so.1 foo.o ./openssl-0.9.8o-fips/lib/libcrypto.a
cc1: error: unrecognized command line option "-W1,-soname,libfoo.so.1"
make: *** [libfoo.so.1] Error 1
Is there a workaround or a recipe on how to build a shared library on
Linux that links with the FIPS-capable OpenSSL static library?
Here are the details:
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu 8.04.4 LTS"
$ uname -a
Linux ubuntu804vm01 2.6.24-28-generic #1 SMP Thu Sep 16 15:01:14 UTC
2010 i686 GNU/Linux
$ gcc --version
gcc (GCC) 4.2.4 (Ubuntu 4.2.4-1ubuntu4)
Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There
is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
$ ./openssl-0.9.8o-fips/bin/openssl version
OpenSSL 0.9.8o-fips 01 Jun 2010
===> An executable can be built with OpenSSL FIPS lib
$ make cmd
gcc -c foo.cpp -fPIC -I./openssl-0.9.8o-fips/include
FIPSLD_CC=gcc ./openssl-0.9.8o-fips/bin/fipsld -o cmd foo.o ./
openssl-0.9.8o-fips/lib/libcrypto.a -lstdc++
$ ./cmd
FIPS mode is enabled.
===> Unable to make a shared library with OpenSSL FIPS lib
$ make
FIPSLD_CC=gcc ./openssl-0.9.8o-fips/bin/fipsld -shared -W1,-
soname,libfoo.so.1 \
-o libfoo.so.1 foo.o ./openssl-0.9.8o-fips/lib/libcrypto.a
cc1: error: unrecognized command line option "-W1,-soname,libfoo.so.1"
make: *** [libfoo.so.1] Error 1
===> Here is foo.cpp and the makefile
$ cat foo.cpp
#include <stdio.h>
#include <openssl/evp.h>
int
main()
{
if (FIPS_mode_set(1) == 0) {
printf("Failed to enable FIPS mode\n");
} else {
printf("FIPS mode is enabled.\n");
}
}
$ cat makefile
CC = gcc
OPENSSLDIR = ./openssl-0.9.8o-fips
LIBCRYPTO = $(OPENSSLDIR)/lib/libcrypto.a
INCLUDES = -I$(OPENSSLDIR)/include
OBJ = foo.o
LIB = libfoo.so.1
CMD = cmd
$(LIB): $(OBJ)
FIPSLD_CC=$(CC) $(OPENSSLDIR)/bin/fipsld -shared -W1,-soname,$(LIB) \
-o $(LIB) $(OBJ) $(LIBCRYPTO)
$(CMD): $(OBJ)
FIPSLD_CC=$(CC) $(OPENSSLDIR)/bin/fipsld -o $(CMD) $(OBJ) $
(LIBCRYPTO) -lstdc++
$(OBJ): foo.cpp
$(CC) -c foo.cpp -fPIC $(INCLUDES)
clean:
rm -rf $(LIB) $(OBJ) $(CMD)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
