Welling, Conrad Gerhart wrote:
Steve:
Here 'tis:
-------------------------------------------------------------------------------
Makefile
-------------------------------------------------------------------------------
FIPSPROD = openssl-fips-1.1.2.tar
FIPSDIR = openssl-fips-1.1.2
all: fips-build
$(FIPSDIR): $(FIPSPROD)
tar xf $(FIPSPROD)
fips-build: $(FIPSDIR)
export PATH=/usr/local/bin:$$PATH; \
cd $(FIPSDIR); \
./config fips > x.config-fips 2>&1 ; \
make > x.make 2>&1
Can't see anything wrong here ... we know gcc isn't in /usr/local/.
...
-------------------------------------------------------------------------------
x.make (tail -51 x.make)
Notes
1. Re: "cc: warning 422: Unknown option "-nostdlib" ignored."
Looks like the fips-1.0/Makefile is configured to use gcc since it
includes
the gcc "-nostdlib" option in "set -x; $(CC) $(CFLAGS) -r -nostdlib
-o $@ $$objs ; \.
The HP-C compiler (not bundled one) doesn't have the -nostdlib option.
-------------------------------------------------------------------------------
...
cc: warning 422: Unknown option "-nostdlib" ignored.
...
/usr/ccs/bin/ld: Duplicate symbol "$global$" in files
/opt/langtools/lib/crt0.o and ../libcrypto.a(fip
scanister.o)
/usr/ccs/bin/ld: Duplicate symbol "$START$" in files
/opt/langtools/lib/crt0.o and ../libcrypto.a(fips
canister.o)
/usr/ccs/bin/ld: Duplicate symbol "$ARGV" in files
/opt/langtools/lib/crt0.o and ../libcrypto.a(fipsca
Ah, these duplicates are for symbols in libc, which the "-nostdlib"
would omit for the call to the linker. It probably would not be hard to
tweak the link voodoo to make this work (Andy Polyakov would know), but
not without modifying the build commands and thus violating the
conditions of the Security Policy. For now you're stuck with gcc, I'm
afraid.
I'll see if we can't address this for future validations (the pending
v1.2 is too far along to change) if you or others can do the HP compiler
test. Although ... just in case, can you try this for v1.2
(ftp://ftp.openssl.org/snapshot/openssl-fips-test-1.2.0.tar.gz)? The
canonical build commands for v1.2 are "./config fipscanisterbuild; make".
-Steve M.
--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]