Hi Chris, Wei, The normal OpenSSL config and build scripts seem to be different from the FIPS one. My original attempts at building FIPS didn't run into a problem until the steps to link fipscannister.o itself. This wouldn't be an issue with the normal OpenSSL distribution.
Here is procedure that worked for me. I was able to build this on Solaris by performing the following steps: 1) Install GCC and GNU's linker. Configure GCC to use GNU's linker (/usr/ccs/bin/ld will not work). My binary distribution of GCC required me to create a symbolic link to the GNU's ld. GCC can be built with appropriate flags so that this is not necessary. 3) Download opens-fips-1.1.1. Check the digest to make sure it is accurate as described in the User Guide for FIPS 1.0. 4) Unzip/untar the fips distribution 5) Run "./config fips". Make sure that the output says it will use gcc. Note that "fips" was the only argument I passed to config. 6) Run "make". 7) Run "make install". 8) FIPS objects will be in /usr/local/ssl/lib. The errors that Wei mentioned are similar to the ones I originally saw on Solaris. The linker distributed with the OS doesn't understand the options supplied for GNU's linker. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Marshall Sent: Thursday, February 15, 2007 2:10 PM To: openssl-users@openssl.org Subject: RE: compiling openssl-fips-1.1.1 on HP-UX 11.11 David: Thanks for the info. Interestingly enough, I was able to compile and install openssl-0.9.7l without any problems. It's only the fips piece that has an error in the link step. Chris Marshall --- David Hartman <[EMAIL PROTECTED]> wrote: > I recently tried compiling FIPS on Solaris with similar results. What I > found is some of the link options were only understood by the GNU > linker. > > I installed the GNU linker along with GCC. GCC has to be compiled to use > specific linkers. Since mine was compiled to use /usr/ccs/bin/ld, I > moved that linker and created a symbolic link to my GNU linker. I was > then able to successfully build FIPS on Solaris. > > I suspect a similar thing is happening for you in HPUX. You need to use > GNU's ld. > > -David > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Christopher > Marshall > Sent: Thursday, February 15, 2007 12:51 PM > To: openssl-users@openssl.org > Subject: compiling openssl-fips-1.1.1 on HP-UX 11.11 > > I am having trouble compiling openssl-fips-1.1.1 on HP-UX. If anyone > has any ideas what I am > doing wrong, I would be much oblidged ;-) > > I'm getting the following error message at the end of the make attempt: > > rm -f openssl > + ../fips-1.0/fipsld -o openssl -DMONOLITH -I.. -I../include > -DOPENSSL_THREADS -DDSO_DL > -DOPENSSL_NO_KRB5 -D_REENTRANT -O3 -DB_E > NDIAN -DBN_DIV2W openssl.o verify.o asn1pars.o req.o dgst.o dh.o > dhparam.o enc.o passwd.o gendh.o > errstr.o ca.o pkcs7.o crl2p7.o > crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o > s_server.o s_client.o speed.o > s_time.o apps.o s_cb.o s_socket.o > app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o > smime.o rand.o engine.o > ocsp.o prime.o ../libssl.a ../l > ibcrypto.a -Wl,+cdp,../:,+cdp,./:,+s,+b,//u01/ident/omteam/opt/lib -ldld > /usr/ccs/bin/ld: Unrecognized argument: +init > /usr/ccs/bin/ld: Usage: /usr/ccs/bin/ld [options] [flags] files > collect2: ld returned 1 exit status > make[1]: *** [openssl] Error 1 > make[1]: Leaving directory > `/u01/ident/omteam/packages/build/openssl/openssl-fips-1.1.1/apps' > make: *** [sub_all] Error 1 > > > Here's the output of uname -a for my system: > > HP-UX some-machine B.11.11 U 9000/800 > > I ran config like this: > ./config --prefix=/${HOME}/opt/ fips > > and make without arguments: > make > > The config didn't have any error messages. Here's the final page from > the output of config: > > Configuring for hpux-parisc-gcc > IsWindows=0 > CC =gcc > CFLAG =-DOPENSSL_THREADS -DDSO_DL -DOPENSSL_NO_KRB5 > -D_REENTRANT -O3 -DB_ENDIAN > -DBN_DIV2W > EX_LIBS =-Wl,+cdp,../:,+cdp,./:,+s,+b,$(INSTALLTOP)/lib -ldld > BN_ASM =bn_asm.o > DES_ENC =des_enc.o fcrypt_b.o > BF_ENC =bf_enc.o > CAST_ENC =c_enc.o > RC4_ENC =rc4_enc.o > RC5_ENC =rc5_enc.o > MD5_OBJ_ASM = > SHA1_OBJ_ASM = > RMD160_OBJ_ASM= > PROCESSOR = > RANLIB =/usr/local/bin/ranlib > ARFLAGS = > PERL =/usr/local/bin/perl > THIRTY_TWO_BIT mode > DES_PTR used > DES_RISC1 used > DES_UNROLL used > BN_LLONG mode > RC4_CHUNK is undefined > > Chris Marshall > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
