fipsld ./fips_premain_dso: No such file or directory

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

fipsld ./fips_premain_dso: No such file or directory

Roar Lien
Hi,
I am trying to build a shared library that statically links to a fips enabled openssl library under Linux. When I try to build my shared library using:

'make CC=/usr/local/ssl/fips-2.0/bin/fipsld FIPSLD_CC=gcc'

I get an error saying:

/usr/local/ssl/fips-2.0/bin/fipsld: line 137: ./fips_premain_dso: No such file or directory

In the windows build, fips_premain_dso.exe is located in the bin directory of the openssl installation. For the linux build, the bin directory contains 'c_rehash' opperl script and the 'openssl' executable. Is 'fips_premain_dso' not a part of the Linux build?

- Roar
Reply | Threaded
Open this post in threaded view
|

Re: fipsld ./fips_premain_dso: No such file or directory

Roar Lien
I tried to set the FIPS_SIG environment variable to point to the incore script in the 'util' directory of the fips distribution. The error message is now that my .so is not cross compiler aware.

- Roar
Reply | Threaded
Open this post in threaded view
|

Re: fipsld ./fips_premain_dso: No such file or directory

Roar Lien
I am still not able to statically link my application to the fips enabled openssl under linux. My platform is Windows 8 - VMWare - CentOS 6.3. From what I described above, the initial problem comes from fipsld not being able to find the fips_premain_dso executable (it never gets built). I came across a discussion about cross compiling where the solution was to set the FIPS_SIG environment variable. I don't think that my setup qualifies as a cross compile environment but I went ahead and tried it anyway, the error now was that my <my application name>.so is not cross compiler aware.

My openssl-fips build steps are:

1) ./config fipscanisterbuild
2) make
3) make install

1) ./config fips
2) make depend
3) make
4) make install

When statically linking my application to the fips enabled openssl I use: make CC=fipsld FIPSLD_CC=gcc as described in the user manual since the link rules in my make file only rely on $(CC).

Can somebody please comment on what I am doing wrong?

- Roar


Reply | Threaded
Open this post in threaded view
|

RE: fipsld ./fips_premain_dso: No such file or directory

Santhosh Kokala
I don't think you need to add "fipscanisterbuild" option to config for building openssl-fips-2.0.*

Just try this

For Openssl-fips
1) ./config
2) make
3) make install

For Openssl
1) ./config fips
2) make depend
3) make
4) make install

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Roar Lien
Sent: Thursday, February 21, 2013 1:18 PM
To: [hidden email]
Subject: Re: fipsld ./fips_premain_dso: No such file or directory

I am still not able to statically link my application to the fips enabled openssl under linux. My platform is Windows 8 - VMWare - CentOS 6.3. From what I described above, the initial problem comes from fipsld not being able to find the fips_premain_dso executable (it never gets built). I came across a discussion about cross compiling where the solution was to set the FIPS_SIG environment variable. I don't think that my setup qualifies as a cross compile environment but I went ahead and tried it anyway, the error now was that my <my application name>.so is not cross compiler aware.

My openssl-fips build steps are:

1) ./config fipscanisterbuild
2) make
3) make install

1) ./config fips
2) make depend
3) make
4) make install

When statically linking my application to the fips enabled openssl I use:
make CC=fipsld FIPSLD_CC=gcc as described in the user manual since the link rules in my make file only rely on $(CC).

Can somebody please comment on what I am doing wrong?

- Roar






--
View this message in context: http://openssl.6102.n7.nabble.com/fipsld-fips-premain-dso-No-such-file-or-directory-tp43733p43875.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: fipsld ./fips_premain_dso: No such file or directory

Roar Lien
Thanks for the help Santhosh. Omitting "fipscanisterbuild" has no effect on the generation of fips_premain_dso.

- Roar
Reply | Threaded
Open this post in threaded view
|

Re: fipsld ./fips_premain_dso: No such file or directory

Dr. Stephen Henson
In reply to this post by Roar Lien
On Thu, Feb 14, 2013, Roar Lien wrote:

> Hi,
> I am trying to build a shared library that statically links to a fips
> enabled openssl library under Linux. When I try to build my shared library
> using:
>
> 'make CC=/usr/local/ssl/fips-2.0/bin/fipsld FIPSLD_CC=gcc'
>
> I get an error saying:
>
> /usr/local/ssl/fips-2.0/bin/fipsld: line 137: ./fips_premain_dso: No such
> file or directory
>
> In the windows build, fips_premain_dso.exe is located in the bin directory
> of the openssl installation. For the linux build, the bin directory contains
> 'c_rehash' opperl script and the 'openssl' executable. Is 'fips_premain_dso'
> not a part of the Linux build?
>

The fips_premain_dso binary is not needed for a static build of the FIPS
capable OpenSSL: just a shared library build. I'd suggest you build the
OpenSSL shared libraries and use the fips_premain_dso that generates.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: fipsld ./fips_premain_dso: No such file or directory

Roar Lien
According to the documentation, fips_premain_dso appears to be required when the application is a shared library. fips_premain_dso is part of the static build and it is referenced in fipsld. With that and adding  lpthread and Bsymbolic to the command line I am able to link statically and enter fips mode.

Roar
Reply | Threaded
Open this post in threaded view
|

Re: fipsld ./fips_premain_dso: No such file or directory

sreekanth1m
@Roar,
could you let me know where to add lpthread and bsymbolic to link statically
as I am also facing the the same issue when making a FIPS library.

Thanks



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html