[openssl-users] Building OpenSSL with FIPS crypto Module Linker forking too many processes

John Foley foleyj at cisco.com
Fri Jun 5 17:42:46 UTC 2015

Well, since you're using the fips-ecp tarball, you'll need to include
no-ec2m when configuring OpenSSL 1.0.2a.  But this isn't why you're
seeing a fork error from fipsld.

I'm using Ubuntu 14.04 (Is there a 14.4?) and don't see any issue. 
However, I'm not setting CC, FIPSLD and FIPSDIR.  You shouldn't have to
set these.  Also, you're not doing a "make depend" after the config for
OpenSSL 1.0.2a. 

Here's a summary of the procedure that worked for me:

wget --no-check-certificate
wget --no-check-certificate
tar -xzvf openssl-fips-ecp-2.0.9.tar.gz
cd openssl-fips-ecp-2.0.9/
./config fipscanisteronly no-asm --prefix=/nobackup/tmp/x88/fips
make install
cd ..
tar -xzvf openssl-1.0.2a.tar.gz
cd openssl-1.0.2a/
./config fips no-ec2m no-asm --with-fipsdir=/nobackup/tmp/x88/fips
make depend
make clean

On 06/05/2015 09:23 AM, OpenSSL Curious wrote:
> I was wondering if someone has seen this issue before. I am guessing the
> problem is on my side because  can replicate it on Debian 8 and Ubuntu 14.4. 
> I am using OpenSSL 1.0.2a and the crypto module from OpenSSL ecp 2.0.9 
> env settings 
> CC=/home/myssluser/workspace/libs/openssl-fips-ecp-2.0.9/fips/fipsld 
> FIPSLD_CC=/usr/bin/gcc 
> FIPSDIR=/usr/local/ssl/fips-2.0 
> for building fips canister 
> ./config fipscanisterbuild no-asm 
> make 
> make install 
> using ./config fips no-asm 
> make 
> make install 
> This seemed to be pretty straight forward. I think i created the
> fipscanister.o correctly. Everything compiled and linked for the canister. I
> liked it to a small test app that worked. 
> I then tried to build openssl, it fine but on the last linking step the
> linker just keep forking processes out of control on both OSs until i got a
> message that the linker cannot fork any new processes. Any pointers would be
> appreciated. 
> /home/myssluser/workspace/libs/openssl-fips-ecp-2.0.9/fips/fipsld: 174:
> /home/myssluser/workspace/libs/openssl-fips-ecp-2.0.9/fips/fipsld: Cannot
> fork 
> ../Makefile.shared:164: recipe for target 'link_app.' failed 
> make[2]: *** [link_app.] Error 2 
> make[2]: Leaving directory
> '/home/myssluser/workspace/libs/openssl-1.0.2a/apps' 
> Makefile:153: recipe for target 'openssl' failed 
> make[1]: *** [openssl] Error 2 
> make[1]: Leaving directory
> '/home/myssluser/workspace/libs/openssl-1.0.2a/apps' 
> Makefile:285: recipe for target 'build_apps' failed 
> make: *** [build_apps] Error 1 
> mssluser at debian8:~/workspace/libs/openssl-1.0.2a$ 
> --
> View this message in context: http://openssl.6102.n7.nabble.com/Building-OpenSSL-with-FIPS-crypto-Module-Linker-forking-too-many-processes-tp58444p58471.html
> Sent from the OpenSSL - User mailing list archive at Nabble.com.
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list