On Wed, Mar 11, 2009, Jeremy Regan wrote: > Hello, > > I was able to build the FIPS 1.2 software successfully using > > ./config --prefix=/apps/fips_build/fips-1.2-install fipscanisterbuild > no-asm > make > make install > > then I built openssl-0.9.8j using the very standard options and telling > it my fipslibdir: > > VERSION=0.9.8j > MAJOR=0 > MINOR=9.8 > SHLIB_VERSION_NUMBER=0.9.8 > SHLIB_VERSION_HISTORY= > SHLIB_MAJOR=0 > SHLIB_MINOR=9.8 > SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR) > PLATFORM=aix-cc > OPTIONS=fips --with-fipslibdir=/apps/fips_build/fips-1.2-install/lib > --prefix=/apps/fips_build/openssl-0.9.8j-install no-camellia no-capieng > no-cms > no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed > no-zlib no-zlib-dynamic > CONFIGURE_ARGS=aix-cc fips > --with-fipslibdir=/apps/fips_build/fips-1.2-install/lib > --prefix=/apps/fips_build/openssl-0.9.8j-install > SHLIB_TARGET=aix-shared > > So far so good. I modified the LIBPATH and have modified our linker > options and makefiles to use the fipsld loader. The test program does > compile, link, and load. When executing, the FIPS_mode_set returns > zero. I put in printf statements into the code to determine the source > of the problem and have found that the RSA self-test fails on the very > first test. > The self-test IS invoked, but fails on the following test in > fips_rsa_selftest.c. Can you please indicate what could be causing this > issue? The build and linkage seems okay. Any help would be very > greatly appreciated. Let me know if any additional information would > help. To note, even though it reports using makeC++SharedLib, I have > set FIPSLD_CC to xlC_r with -qmkshrobj. > > if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1, > kat_RSA_SHA1, sizeof(kat_RSA_SHA1), > EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, > "RSA SHA1 PKCS#1")) > > Here is the segment of the makefile responsible for this program: > > $(L1) : $(OBJS) $(MOM_FIPS)$(SLASH)lib$(SLASH)fipscanister.o > ifeq ($(OC_LIBTYPE), SHARED) > @if [ ! -d $(TEM_PATH) ]; then \ > if [ ! -z "$(OBJS)" ]; then \ > echo $(SLD) -o $@ $(SLDFLAGS) $(OBJS) ; \ > export FIPSLD_CC=xlC_r ;\ > /apps/fips_build/openssl-fips-1.2/fips/fipsld -x -G > -qmkshrobj -o $@ $(SLDFLAGS) $(OBJS) > $(MOM_FIPS)$(SLASH)lib$(SLASH)fipscanister.o $(LIB > S) $(MOM_FIPS)$(SLASH)lib$(SLASH)libcrypto.so; \ > > Here is the compile/link command that is succeeding that uses fipsld: > > **** COMPILING test.cpp **** > > xlC_r -c -g -qcpluscmt -qinitauto=00 -D_RWCONFIG_8d -DXML_LIBRARY > -qlanglvl=ansifor -qlonglong -qfuncsect -bnoquite -bloadmap > -qnamemangling=v8 -DOC_USE_ODA -DMOM_USE_DB2_CLI -DOC_AIX > -D_RWCONFIG_8d -DOC_AIX_VACPP -DOC_CONSOLE_EXE -DOC_MULTI_THREADED > -DOC_NO_SMARTHEAP -DOC_UNIX -DOC_EXCEPTIONS -DOC_DEBUG > -DOC_NO_STATICS -DOS_NO_STATICS -DOS_NO_BASE_TYPE_CONVERSION > -DOS_DEFAULT_TEMPLATE_ARGUMETS -I/apps/mom/oc/ > nightly_view/MOM_OC/testfips -I/apps/RogueWave9.1/RW9.1_63x_workspace/ > -I/apps/bea10/tuxedo10.0//include -I. > -I/apps/bea10/tuxedo10.0//include/xercesc > -I/apps/fips_build/fips-1.2-install/include -c test.cpp > /usr/vacpp/bin/makeC++SharedLib -o /apps/mom/oc/ > nightly_view/MOM_OC/lib/libtestfips630.so test.o > PREMAIN_C = /apps/fips_build/fips-1.2-install/lib/fips_premain.c > About to run xlC_r -Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder -x > -G -qmkshrobj -o /apps/mom/oc/nightly_view/MOM_OC/li > b/libtestfips630.so test.o > /apps/fips_build/fips-1.2-install/lib/fipscanister.o > /apps/fips_build/fips-1.2-install/lib/libcrypto.so... > >
Try running test/fips_test_suite on the validated tarball and 0.9.8j... if that fails in a similar way then most likely cause is a compiler bug. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
