[openssl-users] building 0.9.8ze with fipscanister on solaris 10 fails

[Isaac Hailperin]

Just for the record: I managed to work around this by moving to the 1.0.1 branch.
It's also not straight forward (name clashes with fipscanister, see http://openssl.6102.n7.nabble.com/bn-mul-mont-fpu-multiply-defined-error-td45771.html), but I managed to get it running in fips compliant mode.

Isaac

From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Isaac Hailperin
Sent: Mittwoch, 25. Februar 2015 08:58
To: openssl-users at openssl.org
Subject: [openssl-users] building 0.9.8ze with fipscanister on solaris 10 fails

Hi,
I am trying to build openssl 0.9.8ze with fipscansiter on solaris 10 (latest patches installed). I configure like this:
./config fipscanisterbuild --prefix=${OPENSSL_BASE} --openssldir=${OPENSSL_BASE} shared

This worked until 0.9.8x, but stopped at 0.9.8y. When I try to build (make), I get

make[2]: Entering directory `/local/src/openssl-0.9.8ze/test'
Undefined                       first referenced
symbol                             in file
CRYPTO_memcmp                       ../fips/fipscanister.o
ld: fatal: symbol referencing errors. No output written to fips_shatest
collect2: ld returned 1 exit status
make[2]: *** [link_app.solaris] Error 1
make[2]: Leaving directory `/local/src/openssl-0.9.8ze/test'

It looks like it is connected to the following change in the code:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=270881316664396326c461ec7a124aec2c6cc081

Building without the fipscanister option works fine - but client regulations dictate that I use this option.

Does anyone know how I get this to work? What am I missing?

Isaac
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150303/5386c25b/attachment.html>