Hello All,
I having some problem building FIPS capable openssl static library in OS X.
My System configuration:
Darwin 12.3.0 Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013;
root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64
fipscanister build is successful. Following are steps I did:
1) ./config no-asm
Configured for darwin-i386-cc.
2) make
3) make install
Installed at /usr/local/ssl/fips-2.0
openssl build fails. I'm using openssl version 1.0.1c
1) ./config fips
Configured for darwin-i386-cc.
2) make
I'm getting a link error in this step
rm -f openssl
shlib_target=; if [ -n "" ]; then \
shlib_target="darwin-shared"; \
elif [ -n "libcrypto" ]; then \
FIPSLD_CC="cc"; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC
FIPSLD_CC; \
fi; \
LIBRARIES="-L.. -lssl -L.. -lcrypto" ; \
make -f ../Makefile.shared -e \
APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o
dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o
rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o
genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o
app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o
pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o
ts.o srp.o" \
LIBDEPS="-Wl,-search_paths_first $LIBRARIES " \
link_app.${shlib_target}
( :; LIBDEPS="${LIBDEPS:--Wl,-search_paths_first -L.. -lssl -L.. -lcrypto
}"; LDCMD="${LDCMD:-/usr/local/ssl/fips-2.0/bin/fipsld}";
LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM
-DWHIRLPOOL_ASM -DGHASH_ASM}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done
| sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/
/:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o
${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o
dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o
rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o
version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o
pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o
${LIBDEPS} )
Undefined symbols for architecture i386:
"_FIPS_rodata_end", referenced from:
_FIPS_incore_fingerprint in fipscanister.o
_FIPS_check_incore_fingerprint in fipscanister.o
"_FIPS_rodata_start", referenced from:
_FIPS_incore_fingerprint in fipscanister.o
_FIPS_check_incore_fingerprint in fipscanister.o
"_FIPS_text_end", referenced from:
_FIPS_incore_fingerprint in fipscanister.o
"_FIPS_text_start", referenced from:
_FIPS_incore_fingerprint in fipscanister.o
_FIPS_check_incore_fingerprint in fipscanister.o
_FINGERPRINT_premain in fips_premain-fotYPT.o
ld: symbol(s) not found for architecture i386
Looks to me it is a bug in the makefile. When it tries to build the openssl
executable, it didn't compile the fips_premain.c and include it in the
build. I'm just starting to look in to the makefile. But if any one already
solved this problem I would really appreciate if you could share it.
Thanks
Regards,
Raghav
