acvp_app build failed for non-runtime mode
Closed this issue · 10 comments
Hi,
I am getting below error while do make the ACVP application in non-runtime mode.
libtool: link: /usr/local/ssl/fips-2.0/bin/fipsld -g -fPIE -I../include -I/usr/local/ssl/include -DACVP_NO_RUNTIME -DOPENSSL_FIPS -I/usr/local/ssl/fips-2.0/include -I/home/acvpuser/new/acvp_1_4_0/libacvp/safe_c_stub/include -g -O2 -Wall -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wl,-z -Wl,noexecstack -DACVP_OFFLINE -o acvp_app acvp_app-app_main.o acvp_app-app_aes.o acvp_app-app_cli.o acvp_app-app_cmac.o acvp_app-app_des.o acvp_app-app_drbg.o acvp_app-app_dsa.o acvp_app-app_ecdsa.o acvp_app-app_hmac.o acvp_app-app_kas.o acvp_app-app_kdf.o acvp_app-app_kas_kdf.o acvp_app-app_rsa.o acvp_app-app_sha.o acvp_app-app_utils.o /usr/local/ssl/fips-2.0/lib/fipscanister.o -L/home/acvpuser/new/acvp_1_4_0/libacvp/src/.libs /home/acvpuser/new/acvp_1_4_0/libacvp/src/.libs/libacvp.a -L/usr/local/ssl/lib -lcrypto -L/usr/local/ssl/fips-2.0/lib -ldl
/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/Scrt1.o: In function _start': (.text+0x20): undefined reference to main'
collect2: error: ld returned 1 exit status
Makefile:557: recipe for target 'acvp_app' failed
make[1]: *** [acvp_app] Error 1
make[1]: Leaving directory '/home/acvpuser/new/acvp_1_4_0/libacvp/app'
Makefile:454: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1
Currently my build environment has below versions,
Libacvp version: libacvp_1_4_0-throttle
OpenSSL version: OpenSSL 1.0.2y
FOM version: 2_0_6
I didn’t make any changes in the libacvp code.
I saw there was an issue reported earlier for the same issue. I tried all the steps suggested (make with --disable-kdf) in that page, but nothing helped.
#592
Please help me to resolve this issue.
Hello,
Could you provide the configure command/arguments you used?
I will be looking more into this. Thanks for the info!
Andrew
Andrew,
i have used the below configure command,
./configure --with-ssl-dir=/usr/local/ssl --with-fom-dir=/usr/local/ssl/fips-2.0 --disable-kdf --enable-static --enable-offline LIBS=-ldl
Hello,
Could you provide a bit of info about the platform being built on and/or for? I am unable to reproduce this; my link command looks identical to yours but has no issue. The main function is in app_main.o which is listed.
Do you have this set?
FIPSLD_CC=gcc
Also, are you setting any other env variables such as CC, LD, etc?
Thanks,
Andrew
Andrew,
Actually i used the below command to set the environment variable before configure, this worked fine for building runtime application.
export FIPSLD_CC=gcc
While building the non-runtime application even after exporting this variable also not taking the CC, getting the below error,
make[2]: Entering directory '/home/acvpuser/new/acvp_1_4_0/libacvp/safe_c_stub/lib'
/bin/bash ../../libtool --tag=CC --mode=compile /usr/local/ssl/fips-2.0/bin/fipsld -DPACKAGE_NAME="libacvp" -DPACKAGE_TARNAME="libacvp" -DPACKAGE_VERSION="1.4.0" -DPACKAGE_STRING="libacvp\ 1.4.0" -DPACKAGE_BUGREPORT="https://github.com/cisco/libacvp/issues\" -DPACKAGE_URL="" -DPACKAGE="libacvp" -DVERSION="1.4.0" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=".libs/" -I. -I../include -fPIC -g -O2 -Wall -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wl,-z,noexecstack -DACVP_OFFLINE -MT ../src/libsafe_lib_la-safe_mem_stub.lo -MD -MP -MF ../src/.deps/libsafe_lib_la-safe_mem_stub.Tpo -c -o ../src/libsafe_lib_la-safe_mem_stub.lo test -f '../src/safe_mem_stub.c' || echo './'../src/safe_mem_stub.c
libtool: compile: /usr/local/ssl/fips-2.0/bin/fipsld -DPACKAGE_NAME="libacvp" -DPACKAGE_TARNAME="libacvp" -DPACKAGE_VERSION="1.4.0" "-DPACKAGE_STRING="libacvp 1.4.0"" -DPACKAGE_BUGREPORT="https://github.com/cisco/libacvp/issues\" -DPACKAGE_URL="" -DPACKAGE="libacvp" -DVERSION="1.4.0" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=".libs/" -I. -I../include -fPIC -g -O2 -Wall -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wl,-z,noexecstack -DACVP_OFFLINE -MT ../src/libsafe_lib_la-safe_mem_stub.lo -MD -MP -MF ../src/.deps/libsafe_lib_la-safe_mem_stub.Tpo -c ../src/safe_mem_stub.c -fPIC -DPIC -o ../src/.libs/libsafe_lib_la-safe_mem_stub.o
$CC is not defined
Makefile:426: recipe for target '../src/libsafe_lib_la-safe_mem_stub.lo' failed
make[2]: *** [../src/libsafe_lib_la-safe_mem_stub.lo] Error 1
make[2]: Leaving directory '/home/acvpuser/new/acvp_1_4_0/libacvp/safe_c_stub/lib'
Makefile:361: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/acvpuser/new/acvp_1_4_0/libacvp/safe_c_stub'
Makefile:454: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1
Hence i used the below command to make the build after configure and make clean,
sudo LD_LIBRARY_PATH=/usr/local/ssl/lib:/usr/local/lib FIPSLD_CC=gcc make
Now I’m getting the actual issue reported in this case.
local/ssl/lib -lcrypto -L/usr/local/ssl/fips-2.0/lib -ldl
/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/Scrt1.o: In function _start': (.text+0x20): undefined reference to main'
collect2: error: ld returned 1 exit status
Makefile:557: recipe for target 'acvp_app' failed
Please find the platform detail below,
$ uname -a
Linux acvp-test1 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Please let me know if you need any other information.
Hello,
After running make and before running clean or anything, could you run this in the 'app' directory, and provide the output?
objdump -t acvp_app-app_main.o
Thanks,
Andrew
Please find the requested output below,
$ objdump -t acvp_app-app_main.o
acvp_app-app_main.o: file format elf64-x86-64
SYMBOL TABLE:
0000000000000000 l df ABS 0000000000000000 app_main.c
0000000000000000 l d .text 0000000000000000 .text
0000000000000000 l d .data 0000000000000000 .data
0000000000000000 l d .bss 0000000000000000 .bss
0000000000000000 l F .text 0000000000000051 dummy_cb
0000000000000000 l O .bss 0000000000000400 dummy_entropy
0000000000000000 l d .rodata.str1.1 0000000000000000 .rodata.str1.1
0000000000000060 l F .text 0000000000000044 progress
0000000000000000 l d .rodata.str1.8 0000000000000000 .rodata.str1.8
00000000000000b0 l F .text 00000000000006c5 enable_tdes
0000000000000780 l F .text 0000000000002025 enable_aes
0000000000000000 l d .text.unlikely 0000000000000000 .text.unlikely
0000000000000000 l F .text.unlikely 00000000000009ee enable_dsa
00000000000009ee l F .text.unlikely 0000000000000931 enable_rsa
000000000000131f l F .text.unlikely 000000000000089a enable_ecdsa
0000000000001bb9 l F .text.unlikely 000000000000219a enable_drbg
0000000000003d53 l F .text.unlikely 00000000000005ef enable_kas_kdf
00000000000027b0 l F .text 000000000000007a put_err_cb
0000000000002830 l F .text 00000000000000a4 add_err_cb
0000000000000000 l d .text.startup 0000000000000000 .text.startup
0000000000000000 l d .debug_info 0000000000000000 .debug_info
0000000000000000 l d .debug_abbrev 0000000000000000 .debug_abbrev
0000000000000000 l d .debug_loc 0000000000000000 .debug_loc
0000000000000000 l d .debug_aranges 0000000000000000 .debug_aranges
0000000000000000 l d .debug_ranges 0000000000000000 .debug_ranges
0000000000000000 l d .debug_line 0000000000000000 .debug_line
0000000000000000 l d .debug_str 0000000000000000 .debug_str
0000000000000000 l d .note.GNU-stack 0000000000000000 .note.GNU-stack
0000000000000000 l d .eh_frame 0000000000000000 .eh_frame
0000000000000000 l .rodata.str1.1 0000000000000000 .LC0
0000000000000000 l .rodata.str1.8 0000000000000000 .LC1
0000000000000038 l .rodata.str1.8 0000000000000000 .LC4
0000000000000003 l .rodata.str1.1 0000000000000000 .LC2
0000000000000009 l .rodata.str1.1 0000000000000000 .LC3
000000000000001a l .rodata.str1.1 0000000000000000 .LC5
000000000000002f l .rodata.str1.1 0000000000000000 .LC7
0000000000000038 l .rodata.str1.1 0000000000000000 .LC8
0000000000000051 l .rodata.str1.1 0000000000000000 .LC10
0000000000000062 l .rodata.str1.1 0000000000000000 .LC12
000000000000006e l .rodata.str1.1 0000000000000000 .LC13
000000000000007c l .rodata.str1.1 0000000000000000 .LC14
0000000000000070 l .rodata.str1.8 0000000000000000 .LC15
0000000000000089 l .rodata.str1.1 0000000000000000 .LC16
00000000000000a1 l .rodata.str1.1 0000000000000000 .LC17
00000000000000b9 l .rodata.str1.1 0000000000000000 .LC18
00000000000000d1 l .rodata.str1.1 0000000000000000 .LC19
00000000000000e9 l .rodata.str1.1 0000000000000000 .LC20
0000000000000101 l .rodata.str1.1 0000000000000000 .LC21
0000000000000119 l .rodata.str1.1 0000000000000000 .LC23
0000000000000098 l .rodata.str1.8 0000000000000000 .LC22
0000000000000061 l .rodata.str1.1 0000000000000000 .LC11
0000000000000047 l .rodata.str1.1 0000000000000000 .LC9
0000000000000025 l .rodata.str1.1 0000000000000000 .LC6
0000000000000133 l .rodata.str1.1 0000000000000000 .LC24
0000000000000188 l .rodata.str1.8 0000000000000000 .LC32
00000000000001e0 l .rodata.str1.8 0000000000000000 .LC33
0000000000000100 l .rodata.str1.8 0000000000000000 .LC29
00000000000000c0 l .rodata.str1.8 0000000000000000 .LC28
0000000000000163 l .rodata.str1.1 0000000000000000 .LC26
000000000000014c l .rodata.str1.1 0000000000000000 .LC25
0000000000000150 l .rodata.str1.8 0000000000000000 .LC30
000000000000017e l .rodata.str1.1 0000000000000000 .LC27
000000000000019a l .rodata.str1.1 0000000000000000 .LC31
0000000000000238 l .rodata.str1.8 0000000000000000 .LC34
0000000000000260 l .rodata.str1.8 0000000000000000 .LC35
0000000000000000 l d .comment 0000000000000000 .comment
0000000000000000 UND 0000000000000000 GLOBAL_OFFSET_TABLE
0000000000000000 UND 0000000000000000 __stack_chk_fail
0000000000000000 UND 0000000000000000 __printf_chk
0000000000000000 UND 0000000000000000 app_des_handler
0000000000000000 UND 0000000000000000 acvp_cap_sym_cipher_enable
0000000000000000 UND 0000000000000000 acvp_cap_sym_cipher_set_parm
0000000000000000 UND 0000000000000000 acvp_lookup_error_string
0000000000000000 UND 0000000000000000 app_aes_handler_aead
0000000000000000 g O .data 0000000000000020 value
0000000000000000 UND 0000000000000000 acvp_cap_set_prereq
0000000000000000 UND 0000000000000000 acvp_cap_sym_cipher_set_domain
0000000000000000 UND 0000000000000000 app_aes_handler
0000000000000000 UND 0000000000000000 app_aes_keywrap_handler
0000000000000000 UND 0000000000000000 app_dsa_handler
0000000000000000 UND 0000000000000000 acvp_cap_dsa_enable
0000000000000000 UND 0000000000000000 acvp_cap_dsa_set_parm
0000000000000000 UND 0000000000000000 FIPS_bn_new
0000000000000000 UND 0000000000000000 puts
0000000000000000 UND 0000000000000000 fips_bn_set_word
0000000000000000 UND 0000000000000000 BN_bn2hex
0000000000000000 UND 0000000000000000 FIPS_bn_free
0000000000000000 UND 0000000000000000 app_rsa_sig_handler
0000000000000000 UND 0000000000000000 acvp_cap_rsa_sig_enable
0000000000000000 UND 0000000000000000 acvp_cap_rsa_siggen_set_type
0000000000000000 UND 0000000000000000 acvp_cap_rsa_siggen_set_mod_parm
0000000000000000 UND 0000000000000000 acvp_cap_rsa_sigver_set_parm
0000000000000000 UND 0000000000000000 acvp_cap_rsa_sigver_set_exponent
0000000000000000 UND 0000000000000000 acvp_cap_rsa_sigver_set_type
0000000000000000 UND 0000000000000000 acvp_cap_rsa_sigver_set_mod_parm
0000000000000000 UND 0000000000000000 free
0000000000000000 UND 0000000000000000 app_ecdsa_handler
0000000000000000 UND 0000000000000000 acvp_cap_ecdsa_enable
0000000000000000 UND 0000000000000000 acvp_cap_ecdsa_set_parm
0000000000000000 UND 0000000000000000 app_drbg_handler
0000000000000000 UND 0000000000000000 acvp_cap_drbg_enable
0000000000000000 UND 0000000000000000 acvp_cap_drbg_set_parm
0000000000000000 UND 0000000000000000 acvp_cap_drbg_set_length
0000000000000000 UND 0000000000000000 app_kas_hkdf_handler
0000000000000000 UND 0000000000000000 acvp_cap_kas_kdf_enable
0000000000000000 UND 0000000000000000 acvp_cap_kas_kdf_set_parm
0000000000000000 UND 0000000000000000 acvp_cap_kas_kdf_set_domain
0000000000000000 UND 0000000000000000 app_kas_kdf_onestep_handler
0000000000000000 UND 0000000000000000 stderr
0000000000000000 UND 0000000000000000 __fprintf_chk
0000000000000000 UND 0000000000000000 fputc
0000000000000000 UND 0000000000000000 fputs
0000000000000000 g F .text.startup 0000000000002963 main
0000000000000000 UND 0000000000000000 memset_s
0000000000000000 UND 0000000000000000 ingest_cli
0000000000000004 O COM 0000000000000004 fips_selftest_fail
0000000000000004 O COM 0000000000000004 fips_mode
0000000000000000 UND 0000000000000000 FIPS_set_error_callbacks
0000000000000000 UND 0000000000000000 FIPS_get_default_drbg
0000000000000000 UND 0000000000000000 FIPS_drbg_init
0000000000000000 UND 0000000000000000 FIPS_drbg_set_callbacks
0000000000000000 UND 0000000000000000 FIPS_drbg_instantiate
0000000000000000 UND 0000000000000000 FIPS_drbg_method
0000000000000000 UND 0000000000000000 FIPS_rand_set_method
0000000000000000 UND 0000000000000000 getenv
0000000000000008 O COM 0000000000000008 server
0000000000000000 UND 0000000000000000 strtol
0000000000000004 O COM 0000000000000004 port
0000000000000008 O COM 0000000000000008 path_segment
0000000000000008 O COM 0000000000000008 api_context
0000000000000008 O COM 0000000000000008 ca_chain_file
0000000000000008 O COM 0000000000000008 cert_file
0000000000000008 O COM 0000000000000008 key_file
0000000000000000 UND 0000000000000000 putchar
0000000000000000 UND 0000000000000000 acvp_create_test_session
0000000000000000 UND 0000000000000000 acvp_set_server
0000000000000000 UND 0000000000000000 acvp_cleanup
0000000000000000 UND 0000000000000000 app_aes_cleanup
0000000000000000 UND 0000000000000000 app_des_cleanup
0000000000000000 UND 0000000000000000 app_dsa_cleanup
0000000000000000 UND 0000000000000000 app_rsa_cleanup
0000000000000000 UND 0000000000000000 app_ecdsa_cleanup
0000000000000000 UND 0000000000000000 acvp_set_api_context
0000000000000000 UND 0000000000000000 acvp_set_path_segment
0000000000000000 UND 0000000000000000 acvp_set_cacerts
0000000000000000 UND 0000000000000000 acvp_set_certkey
0000000000000000 UND 0000000000000000 app_setup_two_factor_auth
0000000000000000 UND 0000000000000000 acvp_mark_as_sample
0000000000000000 UND 0000000000000000 acvp_mark_as_post_only
0000000000000000 UND 0000000000000000 acvp_mark_as_delete_only
0000000000000000 UND 0000000000000000 strncmp_s
0000000000000000 UND 0000000000000000 acvp_cancel_test_session
0000000000000000 UND 0000000000000000 acvp_mark_as_request_only
0000000000000000 UND 0000000000000000 acvp_mark_as_get_only
0000000000000000 UND 0000000000000000 acvp_set_get_save_file
0000000000000000 UND 0000000000000000 acvp_set_json_filename
0000000000000000 UND 0000000000000000 acvp_run_vectors_from_file
0000000000000000 UND 0000000000000000 acvp_load_kat_filename
0000000000000000 UND 0000000000000000 app_safe_primes_handler
0000000000000000 UND 0000000000000000 acvp_cap_safe_primes_enable
0000000000000000 UND 0000000000000000 acvp_cap_safe_primes_set_parm
0000000000000000 UND 0000000000000000 app_kas_ffc_handler
0000000000000000 UND 0000000000000000 acvp_cap_kas_ffc_enable
0000000000000000 UND 0000000000000000 acvp_cap_kas_ffc_set_prereq
0000000000000000 UND 0000000000000000 acvp_cap_kas_ffc_set_scheme
0000000000000000 UND 0000000000000000 acvp_cap_kas_ffc_set_parm
0000000000000000 UND 0000000000000000 app_kts_ifc_handler
0000000000000000 UND 0000000000000000 acvp_cap_kts_ifc_enable
0000000000000000 UND 0000000000000000 acvp_cap_kts_ifc_set_param_string
0000000000000000 UND 0000000000000000 acvp_cap_kts_ifc_set_parm
0000000000000000 UND 0000000000000000 acvp_cap_kts_ifc_set_scheme_parm
0000000000000000 UND 0000000000000000 acvp_cap_kts_ifc_set_scheme_string
0000000000000000 UND 0000000000000000 app_sha_handler
0000000000000000 UND 0000000000000000 acvp_cap_hash_enable
0000000000000000 UND 0000000000000000 acvp_cap_hash_set_domain
0000000000000000 UND 0000000000000000 app_hmac_handler
0000000000000000 UND 0000000000000000 acvp_cap_hmac_enable
0000000000000000 UND 0000000000000000 acvp_cap_hmac_set_domain
0000000000000000 UND 0000000000000000 app_cmac_handler
0000000000000000 UND 0000000000000000 acvp_cap_cmac_enable
0000000000000000 UND 0000000000000000 acvp_cap_cmac_set_domain
0000000000000000 UND 0000000000000000 acvp_cap_cmac_set_parm
0000000000000000 UND 0000000000000000 acvp_get_expected_results
0000000000000000 UND 0000000000000000 acvp_resume_test_session
0000000000000000 UND 0000000000000000 acvp_get_results_from_server
0000000000000000 UND 0000000000000000 acvp_run
0000000000000000 UND 0000000000000000 acvp_put_data_from_file
0000000000000000 UND 0000000000000000 acvp_mark_as_put_after_test
0000000000000000 UND 0000000000000000 acvp_upload_vectors_from_file
0000000000000000 UND 0000000000000000 acvp_oe_ingest_metadata
0000000000000000 UND 0000000000000000 acvp_oe_set_fips_validation_metadata
0000000000000000 UND 0000000000000000 app_kas_ecc_handler
0000000000000000 UND 0000000000000000 acvp_cap_kas_ecc_enable
0000000000000000 UND 0000000000000000 acvp_cap_kas_ecc_set_prereq
0000000000000000 UND 0000000000000000 acvp_cap_kas_ecc_set_scheme
0000000000000000 UND 0000000000000000 acvp_cap_kas_ecc_set_parm
0000000000000000 UND 0000000000000000 app_kas_ifc_handler
0000000000000000 UND 0000000000000000 acvp_cap_kas_ifc_enable
0000000000000000 UND 0000000000000000 acvp_cap_kas_ifc_set_parm
0000000000000000 UND 0000000000000000 acvp_cap_kas_ifc_set_exponent
I can't say for certain that this will fix your current issue, but it will build the offline app as it was intended.
See the README comment "Note that openssl with FOM must also be built as static.". I guess we should also
state it should be build no-shared and no-dso as well.
Its likely that because you have shared libraries with dependencies that you're pulling in things that are not needed.
First, you're using the distro openssl, that's not what should be used. The intent for offline builds is to
strip as many library dependencies as possible, particularly the shared libraries.
The FOM should be built using no-shared no-dso -static
openssl should be built using no-shared no-dso -static
You should not have LIBS=-ldl on your acvp configure line, it should never be required for offline builds(see no-dso above)
Let us know if you hit issues building this way.
Regards.
As you suggested i tried to build the non-runtime application without LIBS=-ldl in configure and FOM & OpenSSL built using no-shared no-dso -static, but still getting the same error.
Kindly share if any other option would be helpful to resolve this issue.
The only way I can reproduce is by renaming main() in app_main.c, so I suspect the issue is environment, toolchain or makefile configuration.
- Please provide the output from the build with error like you did in the original comment.
- Please review your environment variables for CFLAG or LDFLAG definitions and remove if any exist.
- Please attach your top-level makefile and the makefile from the app directory.
- If it is a toolchain issue all we can do is recommend using older gcc toolchain for now.
Regards.
Hello,
I am closing this issue due to inactivity. If you have further questions about this issue, you may reopen it.
Thanks,
Andrew