Thank you Stephen, Since the product is already build on openssl.0.9.8.r, and if we upgrade it to openssl0.1.1l then there could be lot of change in terms of API what our product use. And one more pain point is the product is using .so of libcrypto and libssl.
But when I build the openssl with shared mode, then it is failing and reporting below errors. gcc: /home/ratsa02/openssl/openssl-fips-2.0.2/fips_binary/fipsfips_premain.c: No such file or directory gcc: /home/ratsa02/openssl/openssl-fips-2.0.2/fips_binary/fipsfipscanister.o: No such file or directory make[2]: *** [fips_premain_dso] Error 1 Pleas shed some advice here, because I struggling to figureout how to build those libraries. Since my release is due in 4 dyas, I have to submit this in 4 days. Thanks Santosh -----Original Message----- From: Stephen Henson via RT [mailto:r...@openssl.org] Sent: Friday, March 13, 2015 3:34 AM To: Rath, Santosh Cc: openssl-dev@openssl.org Subject: [openssl.org #3745] OpenSSl Bug, affected release 0.9.8zd On Thu Mar 12 22:16:37 2015, santosh.r...@ca.com wrote: > Hi > > I have downloaded the openssl 0.9.8zd source. > And I tried below steps to get it install. > > 1. ./config fipscanisterbuild > > I did not get any configuration error. > > 2. make > > I got the below linker error. > > > > make[2]: Entering directory `/home/ratsa02/openssl-0.9.8zd/test' > > ../fips/fipscanister.o: In function `RSA_padding_check_PKCS1_OAEP': > > (.text+0x140ab): undefined reference to `CRYPTO_memcmp' > > collect2: ld returned 1 exit status > > make[2]: *** [link_app.gnu] Error 1 > > make[2]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test' > > make[1]: *** [fips_shatest] Error 2 > > make[1]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test' > > make: *** [build_tests] Error 1 > > > > Note: ( if I ran only configure without fipscanisterbuild option in > config, the I don't have any issues.'make' is working fine. > > But I need the libraries should fips compliance). > You don't use that build procedure if you want OpenSSL to be FIPS compliant. You need to build the FIPS module from source first (obeying the security policy) and link the FIPS capable OpenSSL to that. See the user guide for more details. Note that OpenSSL 0.9.8 uses the much older 1.2 module. You should be using the 2.0 module instead and OpenSSL 1.0.1 or later. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev