[openssl-dev] [openssl.org #3745] OpenSSL Bug, affected release 0.9.8zd

Stephen Henson via RT rt at openssl.org
Thu Mar 12 22:04:20 UTC 2015


On Thu Mar 12 22:16:37 2015, Santosh.Rath at ca.com wrote:
> Hi
>
> I have downloaded the openssl 0.9.8zd source.
> And I tried the steps below to get it installed.
>
> 1. ./config fipscanisterbuild
>
> I did not get any configuration error.
>
> 2. make
>
> I got the below linker error.
>
> make[2]: Entering directory `/home/ratsa02/openssl-0.9.8zd/test'
> ../fips/fipscanister.o: In function `RSA_padding_check_PKCS1_OAEP':
> (.text+0x140ab): undefined reference to `CRYPTO_memcmp'
> collect2: ld returned 1 exit status
> make[2]: *** [link_app.gnu] Error 1
> make[2]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test'
> make[1]: *** [fips_shatest] Error 2
> make[1]: Leaving directory `/home/ratsa02/openssl-0.9.8zd/test'
> make: *** [build_tests] Error 1
>
> Note: (if I run only configure without the fipscanisterbuild option in
> config, then I don't have any issues. 'make' is working fine.
> But I need the libraries to be FIPS compliant).
>

You don't use that build procedure if you want OpenSSL to be FIPS compliant.
You need to build the FIPS module from source first (obeying the security
policy) and link the FIPS capable OpenSSL to that. See the user guide for more
details.

Note that OpenSSL 0.9.8 uses the much older 1.2 module. You should be using the
2.0 module instead and OpenSSL 1.0.1 or later.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
