openssl-users:
Has anyone tried building FIPS-capable openssl-1.0.1c on HP PA-RISC 2.0?
If so, please give me a clue.
I can build the FIPS Object Module and link it, but, attempts to use
FIPS algs fail although non-FIPS algs work.
Following is brief description of test with hmac.c example from Users
Guide.
###
### Platform
###
HP 9000 C3600 C-Class Workstation
PA-8600 Processor (64-bit)
HP-UX 11i
uname -a: HP-UX smirnov B.11.11 U 9000/785 2003396480 unlimited-user
license
gcc-4.7.0
###
### Configure for FIPS Object Module OK.
###
...
CC =gcc
CFLAG =-DOPENSSL_FIPSCANISTER -fPIC -DOPENSSL_PIC
-DOPENSSL_THREADS -DDSO_DL -D_REENTRANT -march=2.0 -O3 -D_REENTRANT
EX_LIBS =-Wl,+s -ldld
...
PROCESSOR =
RANLIB =/barrel/E2E/dhp/hp-gcc-4.7.0/bin/ranlib
ARFLAGS =
PERL =/usr/local/bin/perl5.8.8
SIXTY_FOUR_BIT mode
DES_PTR used
DES_RISC1 used
...
Configured for hpux-parisc2-gcc.
...
###
### Build FIPS Object Module without any problems and install to
### /usr/local/ssl/fips-2.0 OK
###
###
### Copy and modify hmac.c slightly to print more info. Then use
### following Makefile to build it OK.
###
-> cat Makefile
CC = gcc
OPENSSLDIR = /usr/local/ssl/fips-2.0
LIBCRYPTO = $(OPENSSLDIR)/lib/libcrypto.a
INCLUDES = -I$(OPENSSLDIR)/include
CMD = hmac
OBJS = $(CMD).o
$(CMD): $(OBJS)
FIPSLD_CC=$(CC) $(OPENSSLDIR)/bin/fipsld -o $(CMD) $(OBJS)
$(LIBCRYPTO)
$(OBJS): $(CMD).c
$(CC) -c $(CMD).c $(INCLUDES)
clean:
rm $(OBJS)
###
### Run hmac con FIPS
###
-> hmac -v hmac.c.old
Start main
Call FIPS_mode_set()
Memory fault(coredump)
###
### Run hmac sin FIPS
###
-> hmac -c -v hmac.c.old
Start main
Start dofile
digest:
80a97335cb60a5a8278676aa6a725f5fbeee4944
###
### Confirm digest
###
-> openssl version
OpenSSL 0.9.8g 19 Oct 2007
-> openssl dgst -sha1 -hmac etaonrishdlcupfm hmac.c.old
HMAC-SHA1(hmac.c.old)= 80a97335cb60a5a8278676aa6a725f5fbeee4944
