Sorry this has taken me so long to respond to. Just as you suspected adding .weak makes the build of “big” OpenSSL work just fine. I assume that bn_mul_mont_fpu is something that in all likelihood won’t change since .weak will tell the linker to use the first definition of bn_mul_mont_fpu which I assume is the one defined in fipscanister.o?
Thanks, John Engstrom > On Feb 10, 2016, at 2:54 PM, Andy Polyakov via RT <[email protected]> wrote: > > Hi, > >> When building an OpenSSL shared library on Solaris with FIPS support you get >> a multiply defined symbol error: >> >> ld: fatal: symbol 'bn_mul_mont_fpu' is multiply-defined: >> (file /usr/local/ssl/fips-2.0/lib//fipscanister.o type=FUNC; file >> libcrypto.a(sparcv9a-mont.o) type=FUNC); >> ld: fatal: file processing errors. No output written to libcrypto.so.1.0.0 >> make[4]: *** [link_a.solaris] Error 1 >> >> >> This traces back to the fipssyms.h header file NOT defining bn_mul_mont_fpu >> when building the fipscanister. NOTE: the bn_mul_mont_fpu function in the >> SPARC assembly file (sparcv9a-mont.s) would also need to get redefined as >> fips_bn_mul_mont. > > Quoting RT#3713: > > "The > reason for why the problem in question (and similar) slip through is > that FIPS module validation procedure, exhausting as it is, does not > involve linking with "big" OpenSSL. As result one risks to remain > oblivious of them on rare platforms such as one in question till it > becomes too late. But luckily enough one can modify "big" OpenSSL to > accommodate such mishaps. Renaming symbols as general method or > case-specific workarounds ... is the way to go." > > Once again, "renaming symbols" refers to renaming in "big" OpenSSL, not > in FIPS source, which can't be modified at will. As for case-specific > workarounds in this case adding '.weak $fname' right after '.global > $fname' in sparcv9a-mont.pl in "big" OpenSSL should do the trick. Could > you verify and report back? > > > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4300 > Please log in as guest with password guest if prompted > -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4300 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
