It appears that I'm close to building a FIPS-capable openssl-0.9.7m on HP-UX
11iv1 (B.11.11) using
1. HP pre-built openssl-fips-1.1.2
2. HP openssl-0.9.7m source
from OpenSSL_A.00.09.07m.020_HP-UX_B.11.11_32_64.depot. However, I do not yet
know how to interpret the following make error. The build fails in
./openssl-0.9.7m/fips-1.0/fipsld where fips_premain_dso is trying to generate a
signature of libcrypto.sl.0 at the following line ...
SIG=`("fips-1.0/../fips-1.0/fips_premain_dso" "./libcrypto.sl.0" || rm
"./libcrypto.sl.0")
with the (presumed) ld_pa errors ...
14835:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared
library:dso_dlfcn.c:157:filename(./libcrypto.sl.0): Unsatisfied code symbol
'private_RC5_32_set_key' in load module './libcrypto.sl.0'.
14835:error:25070067:DSO support routines:DSO_load:could not load the shared
library:dso_lib.c:244:
I presume that the linker is trying to resolve symbols for fips_premain_dso,
but, I don't yet understand why libcrypto.sl.0 shouldn't have the symbols
defined ...
/barrel/udc/dhp/openssl/0.9.7/src/openssl-0.9.7m/libcrypto.sl.0: ELF-64
shared object file - PA-RISC 2.0 (LP64)
2888: 0000000000000000 0 FUNC GLOBAL DEFAULT UND
private_RC5_32_set_key
7890: 0000000000000000 0 FUNC GLOBAL DEFAULT UND
private_RC5_32_set_key
chatr fips_premain_dso ...
fips_premain_dso:
64-bit ELF executable
shared library dynamic path search:
LD_LIBRARY_PATH enabled first
SHLIB_PATH enabled second
embedded path enabled third /usr/local/ssl/lib
shared library list:
libdl.1
libc.2
shared library binding:
deferred
So, there's no help there.
What am I missing? There's plenty I don't understand, but, as I am currently
wading through the details of the Makefiles and analyzing the compiler/linker
settings, I'm concerned that I'm missing something basic.
SUPPORTING ARTIFACTS
------------------------------------------------------------------------------------------------
This is the tail-end of the make log:
...
THERE: fips-1.0/..
FIPSLIBDIR: /usr/local/ssl/lib
PREMAIN_C: /usr/local/ssl/lib/fips_premain.c
Canister: /usr/local/ssl/lib/fipscanister.o
verify fipscanister.o against its detached signature...
HMAC-SHA1(fipscanister.o)= a624cf3efcb3ef5e08fbb1643844068bda168ea5
verify fipspremain.c against its detached signature...
Temporarily remove fipscanister.o from libcrypto.a!
ar d fips-1.0/../libcrypto.a
CC: gcc
CANISTER_O: /usr/local/ssl/lib/fipscanister.o
PREMAIN_C: /usr/local/ssl/lib/fips_premain.c
_WL_PREMAIN: -Wl,+init,FINGERPRINT_premain
Params: -shared -Wl,-B,symbolic,+vnocompatwarnings,-z,+h,libcrypto.sl.0 -o
libcrypto.sl.0 -Wl,+forceload -Wl,+nodefaultrpath,libcrypto.a -ldld
TARGET: ./libcrypto.sl.0
fips_premain_dso found
./libcrypto.sl.0 found
generate signature
PWD: /barrel/udc/dhp/openssl/0.9.7/src/openssl-0.9.7m
THERE: fips-1.0/..
TARGET: ./libcrypto.sl.0
-rwxrwxrwx 1 root sys 2376552 Jun 4 18:24 ./libcrypto.sl.0
Executing ...
SIG=`("fips-1.0/../fips-1.0/fips_premain_dso" "./libcrypto.sl.0" || rm
"./libcrypto.sl.0")`
14835:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared
library:dso_dlfcn.c:157
:filename(./libcrypto.sl.0): Unsatisfied code symbol 'private_RC5_32_set_key'
in load module './libcry
pto.sl.0'.
14835:error:25070067:DSO support routines:DSO_load:could not load the shared
library:dso_lib.c:244:
cgw: IN trap
*** Error exit code 1
Stop.
---------------------------------------------------------------------------------------------------
The symbol 'private_RC5_32_set_key' is NOT found in the pre-built FIPS-capable
libcrypto.a, IS found ONCE as UNDefined in the ./libcrypto.a generated by the
build ...
/barrel/udc/dhp/openssl/0.9.7/src/openssl-0.9.7m/libcrypto.a
25: 0000000000000000 0 FUNC GLOBAL DEFAULT UND private_RC5_32_set_key
-rw-rw-rw- 1 root sys 3304682 Jun 4 17:09
/barrel/udc/dhp/openssl/0.9.7/src/openssl-0.
AND IS found twice as UNDdefined in the ./libcrypto.sl.0 generated (then
deleted) by the build ...
/barrel/udc/dhp/openssl/0.9.7/src/openssl-0.9.7m/libcrypto.sl.0: ELF-64
shared object file - PA-RISC 2.0 (LP64)
2888: 0000000000000000 0 FUNC GLOBAL DEFAULT UND
private_RC5_32_set_key
7890: 0000000000000000 0 FUNC GLOBAL DEFAULT UND
private_RC5_32_set_key
