In an earlier thread, Brad House spoke of the problem I am having:

1) dladdr() does not exist in AIX4 or AIX5.1, but the
DSO_pathbyaddr() function from crypto/dso/dso_dlfcn.c
is not called from anywhere so it's dead code...
   Just #if'd it out.

This is also true for AIX 5.2, and since touching any of the code in the
FIPS tarball violates the security policy I don't think #if'ing it out is
an option.

I have come up with the following workaround that does not touch any of
the files in the FIPS tarball... but does involve touching an AIX header
file.  I don't like touching system header files, but I don't see any
other way.  I'd appreciate any comments on whether or not this might
affect the validation status of the module.  I am using the IBM compiler
and not gcc.

Note that a grep of the source indicates that the function that is
failing compilation (DSO_pathbyaddr()) is not actually called by
anything in the FIPS OpenSSL nor in 0.9.7j.

The two problems in the function are:
   - The Dl_info structure used in the function is not declared
   - The dladdr() function is not defined

My workaround involves modifying an AIX include file
(/usr/include/dlfcn.h) to include a minimal declaration of the structure
and a #define of the function that replaces it with the constant value
zero (which is the return code of the function indicating an error).
This is placed within an OPENSSL_FIPS #ifdef so that this code is only
included when building FIPS OpenSSL.

Here is what I added to the end of /usr/include/dlfcn.h (just before the
#endif /* _H_DLFCN */):


/* Allow OpenSSL FIPS to compile without modifying its source code */
#ifdef OPENSSL_FIPS

typedef struct {
        char *dli_fname;
} Dl_info;

#define dladdr(x,y) (0)

#endif


---

Thanks
Troy
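
Added example (not part of the original post, and not OpenSSL source): a C check that the shim described above makes a dladdr() caller compile and always take its error path, without evaluating the macro's arguments or writing to the output buffer. pathbyaddr_demo() and counted() are hypothetical names; the caller is modeled only on the post's description of DSO_pathbyaddr().

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the lines the post appends to dlfcn.h. */
#define OPENSSL_FIPS
#ifdef OPENSSL_FIPS
typedef struct {
        char *dli_fname;
} Dl_info;
#define dladdr(x,y) (0)
#endif

int side_effects = 0;

/* Hypothetical helper: counts how often the address argument is evaluated. */
void *counted(void *p) { side_effects++; return p; }

/* Hypothetical caller (assumption, not the FIPS tarball's code):
 * returns the path length on success, -1 when dladdr() reports failure. */
int pathbyaddr_demo(void *addr, char *path, int sz)
{
    Dl_info dli;
    int len;

    (void)addr; /* the macro discards its arguments */
    if (dladdr(counted(addr), &dli)) {
        /* Dead code under the shim: only needs to compile. */
        len = (int)strlen(dli.dli_fname);
        if (len >= sz)
            len = sz - 1;
        memcpy(path, dli.dli_fname, (size_t)len);
        path[len] = '\0';
        return len;
    }
    return -1; /* the shim always lands here */
}

int main(void)
{
    char buf[16] = "unchanged";
    int rc = pathbyaddr_demo((void *)buf, buf, (int)sizeof buf);

    printf("rc=%d side_effects=%d buf=%s\n", rc, side_effects, buf);
    return rc == -1 ? 0 : 1;
}
```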

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]