<html>
<head>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi,</p>
<p>I work for Dell and we have developed our own FIPS canister. I'm
trying to build openssl 1.0.2k from Jessie-backports with fips
support and link our FIPS canister to it. So I basically did the
following:</p>
<blockquote>
<p><tt>dget -x
<a class="moz-txt-link-freetext" href="http://http.debian.net/debian/pool/main/o/openssl/openssl_1.0.2k-1~bpo8+1.dsc">http://http.debian.net/debian/pool/main/o/openssl/openssl_1.0.2k-1~bpo8+1.dsc</a></tt><tt><br>
</tt><tt>dpkg-source -x ./openssl_1.0.2k-1~bpo8+1.dsc</tt><tt><br>
</tt><tt>cd ./openssl-1.0.2k</tt></p>
</blockquote>
<p>Then I edit <tt>./debian/rules</tt> and change <tt>CONFARGS</tt>
as follows:</p>
<p>From:<br>
</p>
<blockquote><tt>CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl
--libdir=lib/$(DEB_HOST_MULTIARCH) <b>no-idea no-mdc2 no-rc5
no-zlib enable-tlsext no-ssl2 no-ssl3</b></tt></blockquote>
<p>To:<br>
</p>
<blockquote><tt>CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl
--libdir=lib/$(DEB_HOST_MULTIARCH) <b>fips
--with-fipsdir=${DELL-CANISTER-DIR}/Debian/openssl/fips</b></tt><br>
</blockquote>
Then I try to build with: <br>
<blockquote>
<p><tt>fakeroot ./debian/rules binary</tt><br>
</p>
</blockquote>
<p>But I get these errors: <br>
</p>
<blockquote>
<p><tt>make -f ../Makefile.shared -e \</tt><tt><br>
</tt><tt> APPNAME=openssl OBJECTS="openssl.o verify.o
asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o
errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o
dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o
s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o
pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o
cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o" \</tt><tt><br>
</tt><tt> LIBDEPS=" $LIBRARIES -ldl" \</tt><tt><br>
</tt><tt> link_app.${shlib_target}</tt><tt><br>
</tt><tt>make[3]: Entering directory
'/home/mbelanger/openssl/openssl-1.0.2k/apps'</tt><tt><br>
</tt><tt>speed.o: In function `speed_main':</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1291:
undefined reference to `private_DES_set_key_unchecked'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1292:
undefined reference to `private_DES_set_key_unchecked'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1293:
undefined reference to `private_DES_set_key_unchecked'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1296:
undefined reference to `private_AES_set_encrypt_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1297:
undefined reference to `private_AES_set_encrypt_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1298:
undefined reference to `private_AES_set_encrypt_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1301:
undefined reference to `private_Camellia_set_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1302:
undefined reference to `private_Camellia_set_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1303:
undefined reference to `private_Camellia_set_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1306:
undefined reference to `private_idea_set_encrypt_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1309:
undefined reference to `private_SEED_set_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1312:
undefined reference to `private_RC4_set_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1315:
undefined reference to `private_RC2_set_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1321:
undefined reference to `private_BF_set_key'</tt><tt><br>
</tt><tt>/home/mbelanger/openssl/openssl-1.0.2k/apps/speed.c:1324:
undefined reference to `private_CAST_set_key'</tt><tt><br>
</tt><tt>collect2: error: ld returned 1 exit status</tt><tt><br>
</tt><tt>../Makefile.shared:171: recipe for target
'link_app.gnu' failed</tt><tt><br>
</tt><tt>make[3]: *** [link_app.gnu] Error 1</tt><tt><br>
</tt><tt>make[3]: Leaving directory
'/home/mbelanger/openssl/openssl-1.0.2k/apps'</tt><tt><br>
</tt><tt>Makefile:156: recipe for target 'openssl' failed</tt><tt><br>
</tt><tt>make[2]: *** [openssl] Error 2</tt><tt><br>
</tt><tt>make[2]: Leaving directory
'/home/mbelanger/openssl/openssl-1.0.2k/apps'</tt><tt><br>
</tt><tt>Makefile:294: recipe for target 'build_apps' failed</tt><tt><br>
</tt><tt>make[1]: *** [build_apps] Error 1</tt><tt><br>
</tt><tt>make[1]: Leaving directory
'/home/mbelanger/openssl/openssl-1.0.2k'</tt><tt><br>
</tt><tt>debian/rules:53: recipe for target 'build-stamp' failed</tt><tt><br>
</tt><tt>make: *** [build-stamp] Error 2</tt><br>
</p>
</blockquote>
<p>Did I miss anything? Any "configure" arguments missing?<br>
</p>
<p>By the way, I successfully did the same thing with the upstream
openssl 1.0.2k code. That is, I downloaded openssl 1.0.2k with <code
class="bash plain" style="font-family: Consolas, "Bitstream
Vera Sans Mono", "Courier New", Courier,
monospace; border-radius: 0px; background: 0px center rgb(255,
255, 255); border: 0px; bottom: auto; float: none; height: auto;
left: auto; line-height: 20px; margin: 0px; outline: 0px;
overflow: visible; padding: 0px; position: static; right: auto;
text-align: left; top: auto; vertical-align: baseline; width:
auto; box-sizing: content-box; font-weight: normal; font-style:
normal; font-size: 14px; min-height: inherit; color: rgb(0, 0,
0) !important; font-variant-ligatures: normal;
font-variant-caps: normal; letter-spacing: normal; orphans: 2;
text-indent: 0px; text-transform: none; white-space: nowrap;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">wget
http:</code><code class="bash plain" style="font-family:
Consolas, "Bitstream Vera Sans Mono", "Courier
New", Courier, monospace; border-radius: 0px; background:
0px center rgb(255, 255, 255); border: 0px; bottom: auto; float:
none; height: auto; left: auto; line-height: 20px; margin: 0px;
outline: 0px; overflow: visible; padding: 0px; position: static;
right: auto; text-align: left; top: auto; vertical-align:
baseline; width: auto; box-sizing: content-box; font-weight:
normal; font-style: normal; font-size: 14px; min-height:
inherit; color: rgb(0, 0, 0) !important; font-variant-ligatures:
normal; font-variant-caps: normal; letter-spacing: normal;
orphans: 2; text-indent: 0px; text-transform: none; white-space:
nowrap; widows: 2; word-spacing: 0px; -webkit-text-stroke-width:
0px;">//www</code><code class="bash plain" style="font-family:
Consolas, "Bitstream Vera Sans Mono", "Courier
New", Courier, monospace; border-radius: 0px; background:
0px center rgb(255, 255, 255); border: 0px; bottom: auto; float:
none; height: auto; left: auto; line-height: 20px; margin: 0px;
outline: 0px; overflow: visible; padding: 0px; position: static;
right: auto; text-align: left; top: auto; vertical-align:
baseline; width: auto; box-sizing: content-box; font-weight:
normal; font-style: normal; font-size: 14px; min-height:
inherit; color: rgb(0, 0, 0) !important; font-variant-ligatures:
normal; font-variant-caps: normal; letter-spacing: normal;
orphans: 2; text-indent: 0px; text-transform: none; white-space:
nowrap; widows: 2; word-spacing: 0px; -webkit-text-stroke-width:
0px;">.openssl.org</code><code class="bash plain"
style="font-family: Consolas, "Bitstream Vera Sans
Mono", "Courier New", Courier, monospace;
border-radius: 0px; background: 0px center rgb(255, 255, 255);
border: 0px; bottom: auto; float: none; height: auto; left:
auto; line-height: 20px; margin: 0px; outline: 0px; overflow:
visible; padding: 0px; position: static; right: auto;
text-align: left; top: auto; vertical-align: baseline; width:
auto; box-sizing: content-box; font-weight: normal; font-style:
normal; font-size: 14px; min-height: inherit; color: rgb(0, 0,
0) !important; font-variant-ligatures: normal;
font-variant-caps: normal; letter-spacing: normal; orphans: 2;
text-indent: 0px; text-transform: none; white-space: nowrap;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">/source/openssl-1</code><code
class="bash plain" style="font-family: Consolas, "Bitstream
Vera Sans Mono", "Courier New", Courier,
monospace; border-radius: 0px; background: 0px center rgb(255,
255, 255); border: 0px; bottom: auto; float: none; height: auto;
left: auto; line-height: 20px; margin: 0px; outline: 0px;
overflow: visible; padding: 0px; position: static; right: auto;
text-align: left; top: auto; vertical-align: baseline; width:
auto; box-sizing: content-box; font-weight: normal; font-style:
normal; font-size: 14px; min-height: inherit; color: rgb(0, 0,
0) !important; font-variant-ligatures: normal;
font-variant-caps: normal; letter-spacing: normal; orphans: 2;
text-indent: 0px; text-transform: none; white-space: nowrap;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">.0.2k.</code><code
class="bash functions" style="font-family: Consolas,
"Bitstream Vera Sans Mono", "Courier New",
Courier, monospace; border-radius: 0px; background: 0px center
rgb(255, 255, 255); border: 0px; bottom: auto; float: none;
height: auto; left: auto; line-height: 20px; margin: 0px;
outline: 0px; overflow: visible; padding: 0px; position: static;
right: auto; text-align: left; top: auto; vertical-align:
baseline; width: auto; box-sizing: content-box; font-weight:
normal; font-style: normal; font-size: 14px; min-height:
inherit; color: rgb(255, 20, 147) !important;
font-variant-ligatures: normal; font-variant-caps: normal;
letter-spacing: normal; orphans: 2; text-indent: 0px;
text-transform: none; white-space: nowrap; widows: 2;
word-spacing: 0px; -webkit-text-stroke-width: 0px;">tar</code><code
class="bash plain" style="font-family: Consolas, "Bitstream
Vera Sans Mono", "Courier New", Courier,
monospace; border-radius: 0px; background: 0px center rgb(255,
255, 255); border: 0px; bottom: auto; float: none; height: auto;
left: auto; line-height: 20px; margin: 0px; outline: 0px;
overflow: visible; padding: 0px; position: static; right: auto;
text-align: left; top: auto; vertical-align: baseline; width:
auto; box-sizing: content-box; font-weight: normal; font-style:
normal; font-size: 14px; min-height: inherit; color: rgb(0, 0,
0) !important; font-variant-ligatures: normal;
font-variant-caps: normal; letter-spacing: normal; orphans: 2;
text-indent: 0px; text-transform: none; white-space: nowrap;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">.gz</code>
and built it with the same "configure" options I listed above and
that worked. So I'm not sure why it doesn't work when I try with
Jessie-backports.</p>
<p>Thanks,</p>
<p>Martin Belanger<br>
Sr. Engineer<br>
Dell EMC.<br>
</p>
<p><br>
</p>
</body>
</html>