Hi All,
I am facing problem when i am trying to build shared library of fips
capable openssl 9.8J. I am using aix-xlc_r to build openssl 9.8j and
whenever i try to run and aix-cc compiler for opensslfips 1.2 (I was able to
build static library with no-shared option )
sh testfipsssl
test SSL protocol
test ssl3 is forbidden in FIPS mode
508008:error:2D06906E:FIPS
routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
match:fips.c:238:
test ssl2 is forbidden in FIPS mode
508010:error:2D06906E:FIPS
routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
match:fips.c:238:
test tls1
508012:error:2D06906E:FIPS
routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
match:fips.c:238:
make: The error code from the last command is 1.
but when i creating static library it was successfully working .
I have applied following patches for creating shared library with respect
xlc_r compiler
--- Makefile.shared.aix 2006-05-20 08:51:09.000000000 +0000
+++ Makefile.shared 2007-03-15 20:51:06.000000000 +0000
@@ -67,8 +67,8 @@
#------------------------------------------------------------------------------
# The rest is private to this makefile.
-SET_X=:
-#SET_X=set -x
+#SET_X=:
+SET_X=set -x
top:
echo "Trying to use this makefile interactively? Don't."
@@ -101,7 +101,7 @@
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' >
lib$(LIBNAME).exp; \
+ /usr/bin/nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' >
lib$(LIBNAME).exp; \
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null
2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
@@ -109,7 +109,7 @@
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO); \
- ( $(SET_X); rm -f lib$(LIBNAME).exp )
+ ( $(SET_X) )
SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
@@ -139,7 +139,7 @@
LINK_SO_A_UNPACKED= \
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
- (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
+ (cd $$UNPACKDIR; /usr/bin/ar x ../lib$(LIBNAME).a) && \
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
SHOBJECTS=$$UNPACKDIR/*.o; \
$(LINK_SO) && rm -rf $$UNPACKDIR
@@ -489,9 +489,10 @@
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-bnogc'; \
+ ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=''; \
- SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp
-bM:SRE'; \
+ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -qmkshrobj
-bE:lib$(LIBNAME).exp
-blibpath:$(LIBRPATH):/usr/lib:/lib'; \
+ LIBDEPS='$(LIBDEPS) -lm -lc'; \
$(LINK_SO_O); rm -rf lib$(LIBNAME).exp
link_a.aix:
@ $(CALC_VERSIONS); \
@@ -499,12 +500,14 @@
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-bnogc'; \
+ ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=''; \
- SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp
-bM:SRE'; \
- $(LINK_SO_A_VIA_O)
+ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -qmkshrobj
-bE:lib$(LIBNAME).exp
-blibpath:$(LIBRPATH):/usr/lib:/lib'; \
+ LIBDEPS='$(LIBDEPS) -lm -lc'; \
+ $(LINK_SO_A_UNPACKED)
link_app.aix:
- LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
+ LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):/usr/lib:/lib"; \
+ LIBDEPS='$(LIBDEPS) -lm -lc'; \
$(LINK_APP)
link_o.reliantunix:
Is there any thing extra patchs to be applied to make it workable with
aix-xlc_r compiler .
Please Help
Thanks
Joshi
--
View this message in context:
http://www.nabble.com/Fips-Capable-Openssl-9.8-J-fails-for-xlc_r-compiler-tp21700703p21700703.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
