Hi all,
When I compile against OpenSSL 0.9.8j + OpenSSL-FIPS-1.2 module on Centos 4.7, I get an error in client.c:
client.o(.text+0x1dd): In function `init_ssl': /tmp/stunnel-4.27/src/client.c:333: undefined reference to `FIPS_set_prng_key' collect2: ld returned 1 exit status make[1]: *** [stunnel] Error 1 make[1]: Leaving directory `/tmp/stunnel-4.27/src' make: *** [all-recursive] Error 1
It seems this call is related to a bug in OpenSSL-FIPS-1.1.1 module according to the comments.
Checking the references in the includes for both OpenSSL 0.9.8j and OpenSSL-FIPS-1.2, I found that the call should be "fips_set_prng_key" with 3 arguments (the above requires only 2).
So based on the comments, I removed it and I was able to successfully compile and install. Not sure if that is the right thing to do???
Dave
removed the call entirely? that may not have been what you wanted to do. sounds like you may have been using the .h files from the wrong version?
On Mon, Mar 9, 2009 at 12:54 PM, David W Blaine dblaine2@csc.com wrote:
Hi all,
When I compile against OpenSSL 0.9.8j + OpenSSL-FIPS-1.2 module on Centos 4.7, I get an error in client.c:
client.o(.text+0x1dd): In function `init_ssl': /tmp/stunnel-4.27/src/client.c:333: undefined reference to `FIPS_set_prng_key' collect2: ld returned 1 exit status make[1]: *** [stunnel] Error 1 make[1]: Leaving directory `/tmp/stunnel-4.27/src' make: *** [all-recursive] Error 1
It seems this call is related to a bug in OpenSSL-FIPS-1.1.1 module according to the comments.
Checking the references in the includes for both OpenSSL 0.9.8j and OpenSSL-FIPS-1.2, I found that the call should be "fips_set_prng_key" with 3 arguments (the above requires only 2).
So based on the comments, I removed it and I was able to successfully compile and install. Not sure if that is the right thing to do???
Dave _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Hi list,
Sorry about the previous posting. Resubmitting without HTML.
The only reference to this call is in fips_rand.c and as I said it is in all lower case. The third parameter appears to be the key size which can be 16, 24 or 32.
Has anyone successfully compiled stunnel against openssl fips 1.2???
----------------------------------------------------------------- DAVID BLAINE, GCIA , CISSP GDLS-C Lead Information Risk Manager (LIRM) CSC
6000 E. 17 Mile Rd. Sterling Heights MI 48313 GIS | o: 586.825.7650 | c: 810.217.8041 | f: 586.825.8606 | dblaine2@csc.com | www.csc.com
This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
"C.J. Adams-Collier" cjac@colliertech.org 03/09/2009 06:28 PM
To David W Blaine/GIS/CSC@CSC cc stunnel-users@mirt.net Subject Re: [stunnel-users] Stunnel 4.26 compile issue against openssl 0.9.8j + openssl-fips-1.2
removed the call entirely? that may not have been what you wanted to do. sounds like you may have been using the .h files from the wrong version?
On Mon, Mar 9, 2009 at 12:54 PM, David W Blaine dblaine2@csc.com wrote:
Hi all,
When I compile against OpenSSL 0.9.8j + OpenSSL-FIPS-1.2 module on Centos 4.7, I get an error in client.c:
client.o(.text+0x1dd): In function `init_ssl': /tmp/stunnel-4.27/src/client.c:333: undefined reference to `FIPS_set_prng_key' collect2: ld returned 1 exit status make[1]: *** [stunnel] Error 1 make[1]: Leaving directory `/tmp/stunnel-4.27/src' make: *** [all-recursive] Error 1
It seems this call is related to a bug in OpenSSL-FIPS-1.1.1 module according to the comments.
Checking the references in the includes for both OpenSSL 0.9.8j and OpenSSL-FIPS-1.2, I found that the call should be "fips_set_prng_key" with 3 arguments (the above requires only 2).
So based on the comments, I removed it and I was able to successfully compile and install. Not sure if that is the right thing to do???
Dave _______________________________________________ stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
-
C.J. Adams-Collier -
David W Blaine