I have seen Dr. Stephen's reply in this thread http://www.mail-archive.com/openssl-users@openssl.org/msg63620.html, that fipsld can be modified as long as it follows rules in the security policy.
On 11/26/12 4:30 PM, "Santhosh Kokala" <santhosh.kok...@riverbed.com> wrote: >Thanks Dr. Stephen and Andy for helping me resolve this issue. I modified >fipsld script to use gcc for compiling fips_premain.c and it worked. > >On 11/25/12 1:42 PM, "Andy Polyakov" <ap...@openssl.org> wrote: > >>Santhosh Kokala wrote: >>> I would really appreciate, if someone helps me with this issue. >> >>Why not just think for a second? >> >>>>> export FIPSLD_CC=g++ >>>>> export CC=gcc >> >>means that it's using g++ to compile fips_premain.c. FIPSLD_CC takes >>precedence over CC in fipsld: CC=${FIPSLD_CC:-${CC}} >> >>>>> export CXX=/usr/local/ssl/fips-2.0/bin/fipsld >>>>> >>>>> Build Errors: >>>>> >>>>> >>>>> /tmp/cczHeW7i.o: In function `FINGERPRINT_premain()': >>>>> /usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c:103: undefined >>>>> reference >>>>> to `FIPS_text_start()' >>>>> /usr/local/ssl/fips-2.0/bin/../lib/fips_premain.c:116: undefined >>>>> reference >>>>> to `FIPS_incore_fingerprint(unsigned char*, unsigned int)' >> >>So try to compile fips_premain.c manually with g++ and run 'nm >>fips_premain.o'. Note undefined symbols and try to find them in >>fipscanister.o. This answers question what's going on. With this answer >>you can also determine what to do. Setting FIPSLD_CC to gcc shall >>compile fips_premain.c correctly, but it might fail to link with rest of >>your code, because g++ driver adds language-specific libraries [and >>linker options]. Therefore there are two options. a) Set FIPSLD_CC to >>gcc, figure out language-specific libraries [and linker options] and >>explicitly add them to fipsld command line. b) Make g++ treat >>fips_premain.c as C and not C++, e.g. by setting FIPSLD_CC to "g++ -x c". >>______________________________________________________________________ >>OpenSSL Project http://www.openssl.org >>Development Mailing List openssl-...@openssl.org >>Automated List Manager majord...@openssl.org > >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >Development Mailing List openssl-...@openssl.org >Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org