Hi,
We are trying to use FIPS in our product and have been successful for
Windows, Linux (on x86) and on Solaris. We are also trying Linux on S390.
Following the (very specific) instructions to build FIPS, we get an error.
First we execute 'config fips' (as required), no problem there, it
configures for 'linux-s390'.
But when we follow with the required 'make', all seems OK, but when the
openssl executable is being linked through the 'fipsld' link-script, the
following happens:
make[1]: Entering directory
`/mnt/vhibld/66/dev/atoem/openssl/Build-fips-product/openssl-fips-1.1.2/apps'
rm -f openssl
+ ../fips-1.0/fipsld -o openssl -DMONOLITH -I.. -I../include
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_D
FCN_H -DOPENSSL_NO_KRB5 -DB_ENDIAN -DTERMIO -DNO_ASM -O3
-fomit-frame-pointer -Wall openssl.o verify.o asn1pars.o req.o
dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o
crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.
genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o
s_socket.o app_rand.o version.o sess_id.o ciphe
s.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o
../libssl.a ../libcrypto.a -ldl
FIPS_text_start() returns NULL
unable to collect signature
make[1]: *** [openssl] Error 1
make[1]: Leaving directory
`/mnt/vhibld/66/dev/atoem/openssl/Build-fips-product/openssl-fips-1.1.2/apps'
make: *** [sub_all] Error 1
My question is, is this something we can get fixed ourselves, I doubt it, as
changing anything will invalidate the FIPS validation. Or is this something
that has not been 'done' by the FIPS development team.
I'm afraid I have to convince my management that if it can't be done, why
that is.
I know Linux on S390 is not on the list of platforms that have been
confirmed to work (and tested).
If that's all there is to it, so be it, but I need to have that confirmed.
I know there has been a similar question on this subject (FIPS 1.0 on RedHat
on S390, back in 2006), but there was no reply, so I've given it another go.
Any help would be much appreciated.
Thanks,
Arie Plugge
Configuration / Release Engineer
Attachmate
--
View this message in context:
http://www.nabble.com/Building-FIPS-1.1.2-on-SuSe-9-on-S390%3A-Unable-to-collect-signature-tp17315175p17315175.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
