I'm working with FIPS Capable OpenSSL. The source code is sequestered and cannot be changed.
To link to the static version of the OpenSSL library, all we need to do is:
export FIPS_SIG=`find /usr/local/ssl -iname incore`
export CC=`find /usr/local/ssl -iname fipsld`
export FIPSLS_CC=`find /usr/bin -iname gcc`
Then, simply perform:
$CC $CFLAGS <sources> -o myprogram <openssl libs>
The reasons for the gyration is OpenSSL will insert an additional source file - fips_premain.c - and compile it with the program sources. (Some additional steps occur, but the compilation of fips_premain.c is the relevant step).
However, when using g++, a couple of symbols are undefined because they were compiled with the C compiler when OpenSSL was installed, and g++ cannot find them when invoked as above:
/tmp/fips_premain-20db15.o: In function `FINGERPRINT_premain()':
/usr/local/ssl/fips-2.0/lib/fips_premain.c:103: undefined reference to `FIPS_text_start()'
/usr/local/ssl/fips-2.0/lib/fips_premain.c:116: undefined reference to `FIPS_incore_fingerprint(unsigned char*, unsigned int)'
If I add the --no-demangle linker option, here's what is output:
/tmp/fips_premain-be4611.o: In function `_Z19FINGERPRINT_premainv':
/usr/local/ssl/fips-2.0/lib/fips_premain.c:103: undefined reference to `_Z15FIPS_text_startv'
/usr/local/ssl/fips-2.0/lib/fips_premain.c:116: undefined reference to `_Z23FIPS_incore_fingerprintPhj'
Here are the lines of interest in fips_premain.c (around line 85):
extern const void *FIPS_text_start(), *FIPS_text_end();
extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
extern unsigned char FIPS_signature[20];
extern unsigned int FIPS_incore_fingerprint(unsigned char *,unsigned int);
Is there a way to mark a symbol as extern "C" from the command line?
https://stackoverflow.com/questions/22248074
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian