[openssl-users] Build Openssl + FIPS - recursive fipsld

Tue, 22 May 2018 12:51:37 -0700 

Hi,

    I'm trying to build openssl with FIPS module on Ubuntu 14.04 32 bits,
but during one of the steps the fipsld tool starts being called recursively.

    It happens on this step:
sh -c ( :; LIBDEPS="${LIBDEPS:--L.. -lssl  -L.. -lcrypto -ldl
-L/usr/local/lib -lz}";
LDCMD="${LDCMD:-/usr/local/ssl/fips2.0/bin/fipsld}";
LDFLAGS="${LDFLAGS:--DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer -Wall
-I/usr/local/ssl/fips2.0/include}"; LIBPATH=`for x in $LIBDEPS; do echo $x;
done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e
's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS}
-o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o
dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o
rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o
version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o
pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o
${LIBDEPS} )
fipsld -e /usr/local/ssl/fips2.0/bin/fipsld -DZLIB -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer
-Wall -I/usr/local/ssl/fips2.0/include -o openssl openssl.o verify.o
asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o
pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o
x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o
apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o
pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o
engine.o ocsp.o prime.o ts.o srp.o -L.. -lssl -L.. -lcrypto -ldl
-L/usr/local/lib -lz
fipsld -e /usr/local/ssl/fips2.0/bin/fipsld
/usr/local/ssl/fips2.0/lib//fipscanister.o
/usr/local/ssl/fips2.0/lib/fips_premain.c -DZLIB -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer
-Wall -I/usr/local/ssl/fips2.0/include -o openssl openssl.o verify.o
asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o
pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o
x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o
apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o
pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o
engine.o ocsp.o prime.o ts.o srp.o -L.. -lssl -L.. -lcrypto -ldl
-L/usr/local/lib -lz
fipsld -e /usr/local/ssl/fips2.0/bin/fipsld
/usr/local/ssl/fips2.0/lib/fips_premain.c
/usr/local/ssl/fips2.0/lib//fipscanister.o
/usr/local/ssl/fips2.0/lib/fips_premain.c -DZLIB -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer
-Wall -I/usr/local/ssl/fips2.0/include -o openssl openssl.o verify.o
asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o
pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o
x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o
apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o
pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o
engine.o ocsp.o prime.o ts.o srp.o -L.. -lssl -L.. -lcrypto -ldl
-L/usr/local/lib -lz

    It keeps calling fipsld recursively, with each call adding one more
"/usr/local/ssl/fips2.0/lib/fips_premain.c" to the command.
    Any idea what am I missing ?

    My build steps are:

export FIPSDIR="/usr/local/ssl/fips2.0"
export MACHINE=linux-generic32
export CC="/usr/local/ssl/fips2.0/bin/fipsld"
export FIPSLD_CC="gcc"
export FIPS_SIG="/tmp/openssl-fips-2.0.16/util/incore"

# build openssl fips module
cd /tmp/
curl -O https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz
gunzip -c openssl-fips-2.0.16.tar.gz | tar xf -
cd openssl-fips-2.0.16
./config
make
make install

# build openssl
cd /tmp
curl -O https://www.openssl.org/source/openssl-1.0.2n.tar.gz
tar -zxf openssl-1.0.2n.tar.gz
cd /tmp/openssl-1.0.2n
./Configure \
    --prefix=/usr/local \
    linux-generic32 \
    -fPIC \
    no-shared \
    no-capieng \
    fips \
    --with-fipsdir="/usr/local/ssl/fips2.0" \
    zlib \
    no-zlib-dynamic \
    --with-zlib-include="/usr/local/include" \
    --with-zlib-lib="/usr/local/lib"
make all -j1
make build_libs

--
Luís

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to