Welling, Conrad Gerhart wrote:
Steve:
Here 'tis:

-------------------------------------------------------------------------------
Makefile
-------------------------------------------------------------------------------
FIPSPROD = openssl-fips-1.1.2.tar
FIPSDIR = openssl-fips-1.1.2

all:    fips-build

$(FIPSDIR): $(FIPSPROD)
        tar xf $(FIPSPROD)

fips-build: $(FIPSDIR)
        export PATH=/usr/local/bin:$$PATH; \
        cd $(FIPSDIR); \
        ./config fips > x.config-fips 2>&1 ; \
        make > x.make 2>&1

Can't see anything wrong here ... we know gcc isn't in /usr/local/.

...

-------------------------------------------------------------------------------
x.make (tail -51 x.make)
Notes
1. Re: "cc: warning 422: Unknown option "-nostdlib" ignored."
Looks like the fips-1.0/Makefile is configured to use gcc since it includes the gcc "-nostdlib" option in "set -x; $(CC) $(CFLAGS) -r -nostdlib -o $@ $$objs ; \".
   The HP-C compiler (not the bundled one) doesn't have the -nostdlib option.
-------------------------------------------------------------------------------
...
cc: warning 422: Unknown option "-nostdlib" ignored.
...

/usr/ccs/bin/ld: Duplicate symbol "$global$" in files /opt/langtools/lib/crt0.o and ../libcrypto.a(fipscanister.o)
/usr/ccs/bin/ld: Duplicate symbol "$START$" in files /opt/langtools/lib/crt0.o and ../libcrypto.a(fipscanister.o)
/usr/ccs/bin/ld: Duplicate symbol "$ARGV" in files /opt/langtools/lib/crt0.o and ../libcrypto.a(fipsca

Ah, these duplicates are for symbols in libc, which the "-nostdlib" would omit for the call to the linker. It probably would not be hard to tweak the link voodoo to make this work (Andy Polyakov would know), but not without modifying the build commands and thus violating the conditions of the Security Policy. For now you're stuck with gcc, I'm afraid.

I'll see if we can't address this for future validations (the pending v1.2 is too far along to change) if you or others can do the HP compiler test. Although ... just in case, can you try this for v1.2 (ftp://ftp.openssl.org/snapshot/openssl-fips-test-1.2.0.tar.gz)? The canonical build commands for v1.2 are "./config fipscanisterbuild; make".

-Steve M.

--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
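
Added example (not part of the original thread and not OpenSSL project code): since the build commands themselves cannot be altered, a log check can flag the failure signature discussed above, the ignored "-nostdlib" warning together with duplicate startup symbols between crt0.o and fipscanister.o, rejoining linker lines that were wrapped mid-word. The function names, result strings and the embedded sample log are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample modelled on the x.make excerpt quoted in the thread,
# including the mid-word line wrap in the ld diagnostics.
sample_log() {
cat <<'EOF'
cc: warning 422: Unknown option "-nostdlib" ignored.
/usr/ccs/bin/ld: Duplicate symbol "$global$" in files /opt/langtools/lib/crt0.o and ../libcrypto.a(fip
scanister.o)
/usr/ccs/bin/ld: Duplicate symbol "$START$" in files /opt/langtools/lib/crt0.o and ../libcrypto.a(fips
canister.o)
EOF
}

# Reads a build log on stdin and prints exactly one verdict line.
triage_fips_log() {
  awk '
    # A Duplicate-symbol line that does not end in ")" was wrapped:
    # hold it and glue the next line onto it before matching.
    /Duplicate symbol/ && !/\)$/ { pending = $0; next }
    pending != ""                { $0 = pending $0; pending = "" }

    # The compiler did not understand the gcc-only option.
    /Unknown option "-nostdlib" ignored/ { ignored = 1 }

    # Startup symbols defined both in crt0.o and in the canister object.
    /Duplicate symbol/ && /crt0\.o/ && /fipscanister\.o/ { dups++ }

    END {
      if (ignored && dups) print "NOSTDLIB_IGNORED_CRT0_LINKED dups=" dups
      else if (ignored)    print "NOSTDLIB_IGNORED"
      else if (dups)       print "DUPLICATE_STARTUP_SYMBOLS dups=" dups
      else                 print "OK"
    }'
}

# Stand-alone use: ./triage.sh < x.make  (or no redirect for the sample)
if [ "${1:-}" = "--sample" ]; then
  sample_log | triage_fips_log
fi
```

Run as "triage_fips_log < x.make" after the unmodified build; any verdict other than OK means the log shows the symptoms described in this thread.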
