Steve: 1. HP C trial version Appears that there are patchs which must be applied to the (trial) HP C depot installation on my platform. I'm not a sysadmin, but, am assuming the role with this particular PA-RISC2.0 platform. I had assumed that the depot included everything and that the swinstall -p command would warn me if any dependencies weren't met. 2. gcc Do I understand correctly that to build the FIPS Object Module (FOM) with gcc on HP-UX PA-RISC2.0, gcc must be a 64-bit binary. That is, the gcc 32-bit binary does NOT generate a valid FOM (32-bit or 64-bit) because the gcc 32-bit binary behaves as described in Appendix E.1, FOM User Guide, but, the gcc 64-bit binary DOES generate a valid FOM (32-bit or 64-bit).
Thanks -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steve Marquess Sent: Monday, May 05, 2008 7:10 AM To: openssl-users@openssl.org Subject: Re: openssl-fips-1.1.2 "make install" fails in fips-1.0/Makefile for hpux64-ia64-cc HP-UX 11 Welling, Conrad Gerhart wrote: > Steve: > Here 'tis: > > ------------------------------------------------------------------------------- > > > Makefile > ------------------------------------------------------------------------------- > > > FIPSPROD = openssl-fips-1.1.2.tar > FIPSDIR = openssl-fips-1.1.2 > > all: fips-build > > $(FIPSDIR): $(FIPSPROD) > tar xf $(FIPSPROD) > > fips-build: $(FIPSDIR) > export PATH=/usr/local/bin:$$PATH; \ > cd $(FIPSDIR); \ > ./config fips > x.config-fips 2>&1 ; \ > make > x.make 2>&1 Can't see anything wrong here ... we know gcc isn't in /usr/local/. > ... > > ------------------------------------------------------------------------------- > > > x.make (tail -51 x.make) > Notes > 1. Re: "cc: warning 422: Unknown option "-nostdlib" ignored." > Looks like the fips-1.0/Makefile is configured to use gcc since it > includes > the gcc "-nostdlib" option in "set -x; $(CC) $(CFLAGS) -r -nostdlib > -o $@ $$objs ; \. > The HP-C compiler (not bundled one) doesn't have the -nostdlib option. > ------------------------------------------------------------------------------- > > > ... > cc: warning 422: Unknown option "-nostdlib" ignored. > > ... > > /usr/ccs/bin/ld: Duplicate symbol "$global$" in files > /opt/langtools/lib/crt0.o and ../libcrypto.a(fip > scanister.o) > /usr/ccs/bin/ld: Duplicate symbol "$START$" in files > /opt/langtools/lib/crt0.o and ../libcrypto.a(fips > canister.o) > /usr/ccs/bin/ld: Duplicate symbol "$ARGV" in files > /opt/langtools/lib/crt0.o and ../libcrypto.a(fipsca Ah, these duplicates are for symbols in libc, which the "-nostdlib" would omit for the call to the linker. It probably would not be hard to tweak the link voodoo to make this work (Andy Polyakov would know), but not without modifying the build commands and thus violating the conditions of the Security Policy. For now you're stuck with gcc, I'm afraid. I'll see if we can't address this for future validations (the pending v1.2 is too far along to change) if you or others can do the HP compiler test. Although ... just in case, can you try this for v1.2 (ftp://ftp.openssl.org/snapshot/openssl-fips-test-1.2.0.tar.gz)? The canonical build commands for v1.2 are "./config fipscanisterbuild; make". -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
