[openssl-dev] [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd
old release, closing.

--
Rich Salz, OpenSSL dev team; rs...@openssl.org

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd
On 3/13/2015 4:00 PM, Rath, Santosh via RT wrote:
> But when I build the openssl with shared mode, then it is failing and reporting below errors.
>
> gcc: /home/ratsa02/openssl/openssl-fips-2.0.2/fips_binary/fipsfips_premain.c: No such file or directory
> gcc: /home/ratsa02/openssl/openssl-fips-2.0.2/fips_binary/fipsfipscanister.o: No such file or directory
> make[2]: *** [fips_premain_dso] Error 1

Without looking at the old source, it looks to me like an environment variable or configure script option is missing a trailing / so that instead of getting ../fips/fips_premain.c you get ../fipsfips_premain.c

Regards,
Steve

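The trailing-slash failure described in the reply above, as an added example that is not part of the original thread: a pre-flight check for a build that forms paths by concatenating a directory prefix and a file name. The function names and the single "prefix" argument are assumptions; the thread does not name the variable or option involved.

```shell
#!/bin/sh
# Added example (not from the thread). "prefix" stands for whatever
# variable or configure option supplies the directory; hypothetical name.

# join_raw PREFIX NAME: concatenate exactly as the failing build did,
# with no separator inserted between the two parts.
join_raw() {
    printf '%s%s\n' "$1" "$2"
}

# normalize_prefix PREFIX: print PREFIX with exactly one trailing slash.
# An empty prefix is left empty so it does not silently become "/".
normalize_prefix() {
    p=$1
    [ -n "$p" ] || return 0
    while [ "${p%/}" != "$p" ]; do p=${p%/}; done
    printf '%s/\n' "$p"
}

# check_prefix PREFIX NAME...: return 0 only if every PREFIX+NAME exists.
# Reports each missing path on stderr, plus a hint when the file is
# present once the prefix carries its trailing slash.
check_prefix() {
    prefix=$1; shift
    fixed=$(normalize_prefix "$prefix")
    rc=0
    for name in "$@"; do
        path=$(join_raw "$prefix" "$name")
        if [ ! -f "$path" ]; then
            rc=1
            echo "missing: $path" >&2
            if [ -f "$fixed$name" ]; then
                echo "  found: $fixed$name (prefix lacks trailing /)" >&2
            fi
        fi
    done
    return $rc
}

# Command-line use: check.sh PREFIX NAME...
if [ $# -gt 0 ]; then
    check_prefix "$@" || exit 1
fi
```

Run with the directory value the build will use and the file names it expects; a non-zero exit means the build would fail with the same "No such file or directory" errors.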
Re: [openssl-dev] [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd
Thank you Stephen,

Since the product is already built on openssl.0.9.8.r, and if we upgrade it to openssl0.1.1l then there could be a lot of change in terms of the API our product uses. And one more pain point is the product is using .so of libcrypto and libssl.

But when I build the openssl with shared mode, then it is failing and reporting below errors.

gcc: /home/ratsa02/openssl/openssl-fips-2.0.2/fips_binary/fipsfips_premain.c: No such file or directory
gcc: /home/ratsa02/openssl/openssl-fips-2.0.2/fips_binary/fipsfipscanister.o: No such file or directory
make[2]: *** [fips_premain_dso] Error 1

Please shed some advice here, because I am struggling to figure out how to build those libraries. Since my release is due in 4 days, I have to submit this in 4 days.

Thanks
Santosh

-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Friday, March 13, 2015 3:34 AM
To: Rath, Santosh
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd

On Thu Mar 12 22:16:37 2015, santosh.r...@ca.com wrote:
> Hi
>
> I have downloaded the openssl 0.9.8zd source. And I tried below steps to get it install.
>
> 1. ./config fipscanisterbuild
>    I did not get any configuration error.
> 2. make
>    I got the below linker error.
>
> make[2]: Entering directory `/home/ratsa02/openssl-0.9.8zd/test'
> ../fips/fipscanister.o: In function `RSA_padding_check_PKCS1_OAEP':
> (.text+0x140ab): undefined reference to `CRYPTO_memcmp'
> collect2: ld returned 1 exit status
> make[2]: *** [link_app.gnu] Error 1
> make[2]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test'
> make[1]: *** [fips_shatest] Error 2
> make[1]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test'
> make: *** [build_tests] Error 1
>
> Note: (if I ran only configure without fipscanisterbuild option in config, then I don't have any issues. 'make' is working fine. But I need the libraries should fips compliance).

You don't use that build procedure if you want OpenSSL to be FIPS compliant.

You need to build the FIPS module from source first (obeying the security policy) and link the FIPS capable OpenSSL to that. See the user guide for more details.

Note that OpenSSL 0.9.8 uses the much older 1.2 module. You should be using the 2.0 module instead and OpenSSL 1.0.1 or later.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

[openssl-dev] [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd
On Fri Mar 13 21:00:30 2015, santosh.r...@ca.com wrote:
> Thank you Stephen,
>
> Since the product is already build on openssl.0.9.8.r, and if we upgrade it to openssl0.1.1l then there could be lot of change in terms of API what our product use.

Well if you'd used any OpenSSL 0.9.8 using ./config fipscanisterbuild then the result would not be FIPS compliant as you weren't using the validated FIPS module.

In outline you need to download the FIPS module appropriate for your version of OpenSSL. For 0.9.8 the latest is 1.2.4 you can get it from:

https://www.openssl.org/source/old/fips/openssl-fips-1.2.4.tar.gz

Extract the tarball. Build and install using:

    ./config fipscanisterbuild
    make
    make install

Download OpenSSL 0.9.8 latest tarball currently:

https://www.openssl.org/source/openssl-0.9.8ze.tar.gz

and extract it. Then do:

    ./config fips
    make

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

[openssl-dev] [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd
Hi

I have downloaded the openssl 0.9.8zd source. And I tried below steps to get it install.

1. ./config fipscanisterbuild
   I did not get any configuration error.
2. make
   I got the below linker error.

make[2]: Entering directory `/home/ratsa02/openssl-0.9.8zd/test'
../fips/fipscanister.o: In function `RSA_padding_check_PKCS1_OAEP':
(.text+0x140ab): undefined reference to `CRYPTO_memcmp'
collect2: ld returned 1 exit status
make[2]: *** [link_app.gnu] Error 1
make[2]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test'
make[1]: *** [fips_shatest] Error 2
make[1]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test'
make: *** [build_tests] Error 1

Note: (if I ran only configure without fipscanisterbuild option in config, then I don't have any issues. 'make' is working fine. But I need the libraries should fips compliance).

Please help me how I can get rid of this problem, is there something I am doing wrong?

Thanks
Santosh

[openssl-dev] [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd
On Thu Mar 12 22:16:37 2015, santosh.r...@ca.com wrote:
> Hi
>
> I have downloaded the openssl 0.9.8zd source. And I tried below steps to get it install.
>
> 1. ./config fipscanisterbuild
>    I did not get any configuration error.
> 2. make
>    I got the below linker error.
>
> make[2]: Entering directory `/home/ratsa02/openssl-0.9.8zd/test'
> ../fips/fipscanister.o: In function `RSA_padding_check_PKCS1_OAEP':
> (.text+0x140ab): undefined reference to `CRYPTO_memcmp'
> collect2: ld returned 1 exit status
> make[2]: *** [link_app.gnu] Error 1
> make[2]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test'
> make[1]: *** [fips_shatest] Error 2
> make[1]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test'
> make: *** [build_tests] Error 1
>
> Note: (if I ran only configure without fipscanisterbuild option in config, then I don't have any issues. 'make' is working fine. But I need the libraries should fips compliance).

You don't use that build procedure if you want OpenSSL to be FIPS compliant.

You need to build the FIPS module from source first (obeying the security policy) and link the FIPS capable OpenSSL to that. See the user guide for more details.

Note that OpenSSL 0.9.8 uses the much older 1.2 module. You should be using the 2.0 module instead and OpenSSL 1.0.1 or later.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org