On Wed Feb 18 21:12:22 2015, stuart.k...@netiq.com wrote: > > Trying to build FIPS capable OpenSSL on HP-UX ia64 > > Using openssl-fips-2.0.9.tar.gz and openssl-1.0.1l.tar.gz. > > > Looks like the symbols "AES_decrypt" and "AES_encrypt" were renamed to > "fips_aes_decrypt" and "fips_aes_encrypt" respectively, but > "AES_Td" and "AES_Te" were forgotten. > > # nm openssl-fips-ecp-2.0.9/crypto/aes/aes-ia64.o | grep GL > OB > [10] | 5632| 2304|OBJT |GLOB |0| > .text|AES_Td > [9] | 3328| 2304|OBJT |GLOB |0| > .text|AES_Te > [8] | 2624| 704|FUNC |GLOB |0| > .text|fips_aes_decrypt > [7] | 960| 704|FUNC |GLOB |0| > .text|fips_aes_encrypt > > > # nm openssl-1.0.1l/crypto/aes/aes-ia64.o | grep GLOB > [10] | 5632| 2304|OBJT |GLOB |0| > .text|AES_Td > [9] | 3328| 2304|OBJT |GLOB |0| > .text|AES_Te > [8] | 2624| 704|FUNC |GLOB |0| > .text|AES_decrypt > [7] | 960| 704|FUNC |GLOB |0| > .text|AES_encrypt >
We can't rename the FIPS symbols without a change letter so that can't happen immediately. As a workaround I'd suggest you rename the symbols in OpenSSL instead so they no longer clash with the FIPS module. If that works and you can send us a patch it will be included in future versions of OpenSSL. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
