I compiled the FIPS module OpenSSL-fips-1.0.tar.gz with the following options:
./Configure fips hpux-ia64-cc


If you literally typed that command in then it is a violation of the security
policy and the result is not compliant.

If the config script chose those options when you did:

./config fips

then you are OK.

I tried the same as specified in the Security Policy.
# ./config fips
Operating system: ia64-hp-hpux1x
WARNING! 64-bit ABI is the default configured ABI on HP-UXi.
        If you wish to build 32-bit library, the you have to
        invoke './Configure hpux-ia64-cc' *manually*.
        You have about 5 seconds to press Ctrl-C to abort.

It automatically chose the 64-bit ABI. I need a 32-bit library, so I followed the suggestion provided in the warning message. Can you suggest how to build a 32-bit library?


And the official OpenSSL release 0.9.7j with the following options
./Configure threads zlib shared no-rc5 no-idea no-krb5
fips --openssldir=/opt/openssl hpux-ia64-cc

I tried compiling the sample FIPS application given in the FIPS User Guide,
page # 47 fips_sample.c

The compile options are

cc -I.. -I/opt/openssl/include
+Z -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DOPENSSL_NO_RC5 -DOPENSSL_NO_IDEA -Ae
+DD32 +O3 +Olit=all -z -DB_ENDIAN  -c -o fips_sample.o fips_sample.c

cc -o fips_sample -I/opt/openssl/include
+Z -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DOPENSSL_NO_RC5 -DOPENSSL_NO_IDEA -Ae
+DD32 +O3 +Olit=all -z -DB_ENDIAN fips_sample.o /opt/openssl/lib/libssl.a
/opt/openssl/lib/libcrypto.a -Wl,+s,+b,/opt/openssl/lib -ldl -lz


You MUST use the fipsld script for that step. Try just using fipsld instead of
cc.



Thanks a lot Steve.
--Haridharan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]