[openssl-dev] [openssl.org #3713] Bug: openssl-1.0.1l, FIPS, HP-UX ia64, Duplicate Symbol "AES_Te" and "AES_Td"
Stephen Henson via RT
rt at openssl.org
Wed Feb 18 22:44:10 UTC 2015
On Wed Feb 18 21:12:22 2015, Stuart.Kemp at netiq.com wrote:
>
> Trying to build FIPS capable OpenSSL on HP-UX ia64
>
> Using openssl-fips-2.0.9.tar.gz and openssl-1.0.1l.tar.gz.
>
>
> Looks like the symbols "AES_decrypt" and "AES_encrypt" were renamed to
> "fips_aes_decrypt" and "fips_aes_encrypt" respectively, but
> "AES_Td" and "AES_Te" were forgotten.
>
> # nm openssl-fips-ecp-2.0.9/crypto/aes/aes-ia64.o | grep GL
> OB
> [10] | 5632| 2304|OBJT |GLOB |0|
> .text|AES_Td
> [9] | 3328| 2304|OBJT |GLOB |0|
> .text|AES_Te
> [8] | 2624| 704|FUNC |GLOB |0|
> .text|fips_aes_decrypt
> [7] | 960| 704|FUNC |GLOB |0|
> .text|fips_aes_encrypt
>
>
> # nm openssl-1.0.1l/crypto/aes/aes-ia64.o | grep GLOB
> [10] | 5632| 2304|OBJT |GLOB |0|
> .text|AES_Td
> [9] | 3328| 2304|OBJT |GLOB |0|
> .text|AES_Te
> [8] | 2624| 704|FUNC |GLOB |0|
> .text|AES_decrypt
> [7] | 960| 704|FUNC |GLOB |0|
> .text|AES_encrypt
>
We can't rename the FIPS symbols without a change letter so that can't happen
immediately.
As a workaround I'd suggest you rename the symbols in OpenSSL instead so they
no longer clash with the FIPS module.
If that works and you can send us a patch it will be included in future
versions of OpenSSL.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list