Hello All, I having some problem building FIPS capable openssl static library in OS X.
My System configuration: Darwin 12.3.0 Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64 fipscanister build is successful. Following are steps I did: 1) ./config no-asm Configured for darwin-i386-cc. 2) make 3) make install Installed at /usr/local/ssl/fips-2.0 openssl build fails. I'm using openssl version 1.0.1c 1) ./config fips Configured for darwin-i386-cc. 2) make I'm getting a link error in this step rm -f openssl shlib_target=; if [ -n "" ]; then \ shlib_target="darwin-shared"; \ elif [ -n "libcrypto" ]; then \ FIPSLD_CC="cc"; CC=/usr/local/ssl/fips-2.0/bin/fipsld; export CC FIPSLD_CC; \ fi; \ LIBRARIES="-L.. -lssl -L.. -lcrypto" ; \ make -f ../Makefile.shared -e \ APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o" \ LIBDEPS="-Wl,-search_paths_first $LIBRARIES " \ link_app.${shlib_target} ( :; LIBDEPS="${LIBDEPS:--Wl,-search_paths_first -L.. -lssl -L.. -lcrypto }"; LDCMD="${LDCMD:-/usr/local/ssl/fips-2.0/bin/fipsld}"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o ${LIBDEPS} ) Undefined symbols for architecture i386: "_FIPS_rodata_end", referenced from: _FIPS_incore_fingerprint in fipscanister.o _FIPS_check_incore_fingerprint in fipscanister.o "_FIPS_rodata_start", referenced from: _FIPS_incore_fingerprint in fipscanister.o _FIPS_check_incore_fingerprint in fipscanister.o "_FIPS_text_end", referenced from: _FIPS_incore_fingerprint in fipscanister.o "_FIPS_text_start", referenced from: _FIPS_incore_fingerprint in fipscanister.o _FIPS_check_incore_fingerprint in fipscanister.o _FINGERPRINT_premain in fips_premain-fotYPT.o ld: symbol(s) not found for architecture i386 Looks to me it is a bug in the makefile. When it tries to build the openssl executable, it didn't compile the fips_premain.c and include it in the build. I'm just starting to look in to the makefile. But if any one already solved this problem I would really appreciate if you could share it. Thanks Regards, Raghav