Thank you Marcus for the comments. Couple of notes: - My archs are Big Endian. - I was aiming for openssl1.0.2(h) since this is the LTS version.
Short recap: - *On (Linux running on) PPC64*, openssl 1.0.2h + openssl-fips-2.0.12, when both are automatically configured (using *config*) *does not build*: error when linking *libcrypto.so.1.0.0* (error described in my previous mail) - This does *not* reproduce with older versions (tried with openssl 1.0.1p + openssl-fips-2.0.5), where everything works fine. Details: when autoconfiguring both products, *ppc64-whatever-linux2* is identified by *config* and *Configure linux-ppc* is called. But in openssl-1.0.2(h), some extra processing is performed by *config* for *ppc64-*-linux2* resulting (at least for me) in adding *-m32* compiler option. So, openssl generates 32 bit code, but not openssl-fips that doesn't have this processing, and naturally when the linker tries to add the objects together, it fails. *The quick workaround* that did the trick for me was to call *./**Configure linux-ppc* for openssl-1.0.2 and skip the extra processing done by *config*. *However:* Given the fact that *Configure*'s *linux-ppc* target generates 64bit code (*ELF 64-bit MSB*), I assume that *linux-ppc64 *does the same thing, I think that the final solution should: - since *config* is a client for *Configure*, I think the extra processing done actually in (openssl-1.0.2h's) *config* should be ported to *Configure*, so the same binaries are obtained configuring using whether *config*(which calls *Configure linux-ppc*) or *Configure linux-ppc *directly. - port the extra processing to openssl-fips as well, so both products when auto configured, generate the same binaries type (linkable together). Regards, Cristi. On Tue, Jun 21, 2016 at 2:37 PM, Marcus Meissner <meiss...@suse.de> wrote: > On Tue, Jun 21, 2016 at 12:39:35PM +0300, Cristi Fati wrote: > > Hi all, > > > > I am trying to build a FIPS (2.0.12) capable OpenSSL (1.0.2h) on PPC64 > > Linux (tried RH5 and SLES12), but it fails. > > FWIW, > > The openssl packages on SLES 12 have received FIPS certificate for x86_64 > While we have not certified them on ppc64le, the same FIPS source code is > inside. > > So the SLES12 ppc64le openssl 1.0.1i is FIPS capable. > > Ciao, Marcus > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev >
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
