Hello,
I was able to build the FIPS 1.2 software successfully using
./config --prefix=/apps/fips_build/fips-1.2-install fipscanisterbuild
no-asm
make
make install
then I built openssl-0.9.8j using the very standard options and telling
it my fipslibdir:
VERSION=0.9.8j
MAJOR=0
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=0
SHLIB_MINOR=9.8
SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
PLATFORM=aix-cc
OPTIONS=fips --with-fipslibdir=/apps/fips_build/fips-1.2-install/lib
--prefix=/apps/fips_build/openssl-0.9.8j-install no-camellia no-capieng
no-cms
no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed
no-zlib no-zlib-dynamic
CONFIGURE_ARGS=aix-cc fips
--with-fipslibdir=/apps/fips_build/fips-1.2-install/lib
--prefix=/apps/fips_build/openssl-0.9.8j-install
SHLIB_TARGET=aix-shared
So far so good. I modified the LIBPATH and have modified our linker
options and makefiles to use the fipsld loader. The test program does
compile, link, and load. When executing, the FIPS_mode_set returns
zero. I put in printf statements into the code to determine the source
of the problem and have found that the RSA self-test fails on the very
first test.
The self-test IS invoked, but fails on the following test in
fips_rsa_selftest.c. Can you please indicate what could be causing this
issue? The build and linkage seems okay. Any help would be very
greatly appreciated. Let me know if any additional information would
help. To note, even though it reports using makeC++SharedLib, I have
set FIPSLD_CC to xlC_r with -qmkshrobj.
if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
"RSA SHA1 PKCS#1"))
Here is the segment of the makefile responsible for this program:
$(L1) : $(OBJS) $(MOM_FIPS)$(SLASH)lib$(SLASH)fipscanister.o
ifeq ($(OC_LIBTYPE), SHARED)
@if [ ! -d $(TEM_PATH) ]; then \
if [ ! -z "$(OBJS)" ]; then \
echo $(SLD) -o $@ $(SLDFLAGS) $(OBJS) ; \
export FIPSLD_CC=xlC_r ;\
/apps/fips_build/openssl-fips-1.2/fips/fipsld -x -G
-qmkshrobj -o $@ $(SLDFLAGS) $(OBJS)
$(MOM_FIPS)$(SLASH)lib$(SLASH)fipscanister.o $(LIB
S) $(MOM_FIPS)$(SLASH)lib$(SLASH)libcrypto.so; \
Here is the compile/link command that is succeeding that uses fipsld:
**** COMPILING test.cpp ****
xlC_r -c -g -qcpluscmt -qinitauto=00 -D_RWCONFIG_8d -DXML_LIBRARY
-qlanglvl=ansifor -qlonglong -qfuncsect -bnoquite -bloadmap
-qnamemangling=v8 -DOC_USE_ODA -DMOM_USE_DB2_CLI -DOC_AIX
-D_RWCONFIG_8d -DOC_AIX_VACPP -DOC_CONSOLE_EXE -DOC_MULTI_THREADED
-DOC_NO_SMARTHEAP -DOC_UNIX -DOC_EXCEPTIONS -DOC_DEBUG
-DOC_NO_STATICS -DOS_NO_STATICS -DOS_NO_BASE_TYPE_CONVERSION
-DOS_DEFAULT_TEMPLATE_ARGUMETS -I/apps/mom/oc/
nightly_view/MOM_OC/testfips -I/apps/RogueWave9.1/RW9.1_63x_workspace/
-I/apps/bea10/tuxedo10.0//include -I.
-I/apps/bea10/tuxedo10.0//include/xercesc
-I/apps/fips_build/fips-1.2-install/include -c test.cpp
/usr/vacpp/bin/makeC++SharedLib -o /apps/mom/oc/
nightly_view/MOM_OC/lib/libtestfips630.so test.o
PREMAIN_C = /apps/fips_build/fips-1.2-install/lib/fips_premain.c
About to run xlC_r -Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder -x
-G -qmkshrobj -o /apps/mom/oc/nightly_view/MOM_OC/li
b/libtestfips630.so test.o
/apps/fips_build/fips-1.2-install/lib/fipscanister.o
/apps/fips_build/fips-1.2-install/lib/libcrypto.so...
Thank you for your time,
Jeremy R.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
