[openssl-users] FIPSLD 2.0.5 (HP-UX AI64 11.23) fails to link with pthread error

Tom Francis thomas.francis.jr at pobox.com
Mon Mar 2 21:14:21 UTC 2015

> On Mar 2, 2015, at 4:18 AM, Mrunal Nerpawar <p.mrunal at gmail.com> wrote:
> Thanks Tom for the reply.
> I know I am replying really late, but the option you mentioned is tried but is not working either. :(
> Anything else i can try?

Since I no longer have access to that compiler, and I don’t generally bother with FIPS 140 anymore, I can’t be sure, but I suspect the problem is described here:

http://h21007.www2.hp.com/portal/download/files/prot/files/linker/onlinehelp/compileandlink.htm (see “Linker Thread-safe features”).

Originally, I was thinking this was an actual link error, but now that I think about it, it’s probably coming from when fips_premain_dso is run to determine the signature to be embedded.  And if that’s the case, you’re pretty much out of luck — there’s no way to modify fips_premain_dso to avoid the shl_load() call (not and still be following the security policy), and there’s no way to make shl_load() succeed. shl_load() simply doesn’t work with TLS.  If you could somehow change your use of OpenSSL and the FIPS Object Module such that OpenSSL is linked statically into an executable (that is, a complete executable, not a shared library) then you could probably make it work. :(

You can verify if that’s the case by adding more output to your fipsld script; I suspect you’ll see the failure from the line:


There should be code in fipsld to error out if that failed, but perhaps that was disabled?  Anyway, if the error is not from invoking fips_premain_dso, then something else is wrong, and I’d suggest opening a support case with HP.


> -Mrunal
> On Wed, Feb 25, 2015 at 8:31 AM, Tom Francis <thomas.francis.jr at pobox.com> wrote:
> Have you tried changing FIPSLD_CC and FIPSLD_LINK to include the necessary options (e.g. -mt)?  Note: it might be simpler to modify fipsld instead, depending on how easy/hard it is to maintain spaces properly when settings FIPSLD_CC and FIPSLD_LINK.  Since the fipsld script is just a convenience script to help you meet the requirements of the security policy, you’re free to modify it.  Just don’t modify it such that the security policy is no longer followed.  Generally speaking, adding more options to the compile and link steps will be safe.
> > On Feb 23, 2015, at 4:36 AM, Mrunal Nerpawar <p.mrunal at gmail.com> wrote:
> >
> > Details
> > ======
> > Fips 2.0.5 configured with no-asm and threads.
> > Openssl 1.0.1H configured with shared, fips, threads no-asm (many alogos omitted)
> > compiler -  using aCC 6.25 on HPUX-IA64 11.23.
> >
> > bash-2.05$ aCC --version
> > aCC: HP C/aC++ B3910B A.06.25.02 [Nov 25 2010]
> > bash-2.05$
> >
> > product linking with fipsld fails with error ...
> > =================================
> > :DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(./objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0):  Cannot dlopen load module '/usr/lib/hpux32/libpthread.so.1' because it contains thread specific data.
> >
> > Options tried
> > ==========
> > * Compiling Cxx sources with -mt.
> > * Linking with -lpthread,
> > * setting LD_PRELOAD.
> > None worked effectively. with LD_PRELOAD option, ended up getting error - undefined symbol Ztil, etc.
> >
> > complete error is as follows.
> > =====================
> >
> > Building shared library objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0
> > FIPSLD_CC=aCC FIPSLD_LINK=aCC /unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/fipsld  +Z -b -g -O2 -AA -Wl,+s +tls=dynamic -o objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0 objs/HP-UX-B.11.23-ia64-64/stdafx.o objs/HP-UX-B.11.23-ia64-64/UserUtil.o objs/HP-UX-B.11.23-ia64-64/LSSpawner.o objs/HP-UX-B.11.23-ia64-64/LSFilter.o objs/HP-UX-B.11.23-ia64-64/LSCmdOutputParser.o objs/HP-UX-B.11.23-ia64-64/LSBuilderAndProcessor.o objs/HP-UX-B.11.23-ia64-64/LSBuilderAndProcessor_1.o objs/HP-UX-B.11.23-ia64-64/LSBuilderAndProcessor_2.o objs/HP-UX-B.11.23-ia64-64/GroupUtil.o objs/HP-UX-B.11.23-ia64-64/ShadowHelper.o objs/HP-UX-B.11.23-ia64-64/BlockedFiles.o objs/HP-UX-B.11.23-ia64-64/NISUtil.o objs/HP-UX-B.11.23-ia64-64/Utilities.o objs/HP-UX-B.11.23-ia64-64/MachineUtil.o objs/HP-UX-B.11.23-ia64-64/BvNetworkInfo.o objs/HP-UX-B.11.23-ia64-64/NSSwitch.o objs/HP-UX-B.11.23-ia64-64/FileUtil_1.o objs/HP-UX-B.11.23-ia64-64/FileUtil_2.o objs/HP-UX-B.11.23-ia64-64/SecurityThreatCheck.o objs/HP-UX-B.11.23-ia64-64/UserEnumerator.o objs/HP-UX-B.11.23-ia64-64/LocalUserEnumerator.o objs/HP-UX-B.11.23-ia64-64/UnixUserEnumerator.o objs/HP-UX-B.11.23-ia64-64/WinUserEnumerator.o objs/HP-UX-B.11.23-ia64-64/GetEntHandler.o objs/HP-UX-B.11.23-ia64-64/UnixShadowReader.o objs/HP-UX-B.11.23-ia64-64/EtcShadowReader.o objs/HP-UX-B.11.23-ia64-64/UnixEtcShadowReader.o objs/HP-UX-B.11.23-ia64-64/AIXShadowHelper.o objs/HP-UX-B.11.23-ia64-64/HPLoginsShadowHelper.o objs/HP-UX-B.11.23-ia64-64/HPTcbShadowHelper.o objs/HP-UX-B.11.23-ia64-64/UnixHPShadowReader.o objs/HP-UX-B.11.23-ia64-64/ProcessUtil.o objs/HP-UX-B.11.23-ia64-64/FieldUtils.o objs/HP-UX-B.11.23-ia64-64/LoggedInUserInfo.o objs/HP-UX-B.11.23-ia64-64/TcpdRulesParser.o objs/HP-UX-B.11.23-ia64-64/DirectoryUtil.o objs/HP-UX-B.11.23-ia64-64/Timestamp.o objs/HP-UX-B.11.23-ia64-64/Timespan.o objs/HP-UX-B.11.23-ia64-64/NumberFormatter.o objs/HP-UX-B.11.23-ia64-64/DateTimeParser.o objs/HP-UX-B.11.23-ia64-64/DateTimeFormatter.o objs/HP-UX-B.11.23-ia64-64/DateTimeFormat.o objs/HP-UX-B.11.23-ia64-64/DateTime.o objs/HP-UX-B.11.23-ia64-64/Timezone.o objs/HP-UX-B.11.23-ia64-64/LocalDateTime.o objs/HP-UX-B.11.23-ia64-64/RFUtilities.o objs/HP-UX-B.11.23-ia64-64/OpenPortUtil.o objs/HP-UX-B.11.23-ia64-64/AIXStanzaReader.o objs/HP-UX-B.11.23-ia64-64/Bugcheck.o objs/HP-UX-B.11.23-ia64-64/DateTime.o objs/HP-UX-B.11.23-ia64-64/Debugger.o objs/HP-UX-B.11.23-ia64-64/Exception.o objs/HP-UX-B.11.23-ia64-64/GroupEnumerator.o objs/HP-UX-B.11.23-ia64-64/UnixGroupEnumerator.o objs/HP-UX-B.11.23-ia64-64/FileInfoFetcher.o objs/HP-UX-B.11.23-ia64-64/UnixFileInfoAccessor.o objs/HP-UX-B.11.23-ia64-64/FileStatSysCallProcessor.o objs/HP-UX-B.11.23-ia64-64/StatSysCallFileInfoFetcherImpl.o objs/HP-UX-B.11.23-ia64-64/FileInfoAccessor.o objs/HP-UX-B.11.23-ia64-64/FileProcessorObjectFactory.o objs/HP-UX-B.11.23-ia64-64/UUID.o objs/HP-UX-B.11.23-ia64-64/RandomStream.o objs/HP-UX-B.11.23-ia64-64/Random.o objs/HP-UX-B.11.23-ia64-64/SHA1Engine.o objs/HP-UX-B.11.23-ia64-64/DigestEngine.o objs/HP-UX-B.11.23-ia64-64/FileDescriptorUtil.o objs/HP-UX-B.11.23-ia64-64/PasswordInfo.o objs/HP-UX-B.11.23-ia64-64/DictionaryReader.o objs/HP-UX-B.11.23-ia64-64/PasswordCracker.o objs/HP-UX-B.11.23-ia64-64/md5crypt.o -L/unixhome/user/workspace/ontrolShared/UnixReusableClasses/lib/HP-UX-B.11.23-ia64-64 -lReCpp -lReCommon -L/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/lib -lcrypto -L/unixhome/user/workspace/product/lib/HP-UX-B.11.23-ia64-64 -lAgentCommon -lReCoreClasses -lCommonLib  -lsec
> > fipsld: THERE=/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/..
> > fipsld: TARGET=./objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0
> > fipsld: CANISTER_O=/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/../lib/fipscanister.o
> > fipsld: PREMAIN_C=/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/../lib/fips_premain.c
> > fipsld: PREMAIN_O=objs/HP-UX-B.11.23-ia64-64/fips_premain.o
> > fipsld: FIPSLIBDIR=
> > fipsld: FIPSLD_CC=aCC
> > fipsld: FIPSLD_LINK=aCC
> > fipsld: Linking shared library file.
> > fipsld: Compiling "/unixhome/user/workspace/product/../3rdPt/Unix/HP-UX/ia64/OpenSource/ssl-1.0.1h/bin/../lib/fips_premain.c".
> > fipsld: Linking "./objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0" with FIPS libaries.
> > 2130621380:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(./objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0): Cannot dlopen load module '/usr/lib/hpux32/libpthread.so.1' because it contains thread specific data.
> > 2130621380:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
> > /unixhome/user/workspace/product/Packages/BuildScripts/Makefiles/Make.inc.shlib.rules:73: recipe for target 'objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0' failed
> > gmake: *** [objs/HP-UX-B.11.23-ia64-64/libDataSourceImpl.so.10.0.0] Error 1
> > bash-2.05$
> >
> >
> > We are running short of time. If anybody has any solutions/suggestions help, would be appreciated.
> >
> > Thanks in advance.
> >
> > Best regards,
> > Mrunal
> > _______________________________________________
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list