On Mon, Jun 12, 2006, Haridharan wrote: > I compiled fips module OpenSSL-fips-1.0.tar.gz with the following options > ./Configure fips hpux-ia64-cc >
If you literally typed that command in then it is a violation of the security policy and the result is not compliant. If the config script chose those options when you did: ./config fips then you are OK. > And the official OpenSSL release 0.9.7j with the following options > ./Configure threads zlib shared no-rc5 no-idea no-krb5 > fips --openssldir=/opt/openssl hpux-ia64-cc > > I tried compling the sample FIPS application given in the FIPS User Guide, > page # 47 fips_sample.c > > The compile options are > > cc -I.. -I/opt/openssl/include > +Z -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN > -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DOPENSSL_NO_RC5 -DOPENSSL_NO_IDEA -Ae > +DD32 +O3 +Olit=all -z -DB_ENDIAN -c -o fips_sample.o fips_sample.c > > cc -o fips_sample -I/opt/openssl/include > +Z -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN > -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DOPENSSL_NO_RC5 -DOPENSSL_NO_IDEA -Ae > +DD32 +O3 +Olit=all -z -DB_ENDIAN fips_sample.o /opt/openssl/lib/libssl.a > /opt/openssl/lib/libcrypto.a -Wl,+s,+b,/opt/openssl/lib -ldl -lz > You MUST use the fipsld script for that step. Try just using fipsld instead of cc. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
