Thanks Steve. This helps a lot. One more related question: Why are the FIPS test vectors different for different platforms? It seems like Windows and Linux, for example, should both be able to encrypt the same things and produce the same outputs.
Thanks again, Tyrel On Tue, Jun 28, 2011 at 10:44 AM, Dr. Stephen Henson <st...@openssl.org> wrote: > On Tue, Jun 28, 2011, Tyrel Haveman wrote: > >> All, >> >> I'm having a problem when building OpenSSL 1.0.1 along with fips-2.0. >> My layout is like this: >> /home/tyrel/openssl-test/openssl <-- contains the 1.0.1 branch from CVS >> /home/tyrel/openssl-test/fips <-- contains the extract fips-2.0 >> snapshot tarball >> >> My build steps are (from the openssl-test dir): >> >> cd fips >> ./config no-asm no-hw --prefix="/home/tyrel/openssl-test/dep" >> make >> make install >> cd .. >> >> cd openssl >> export FIPSDIR=/home/tyrel/openssl-test/dep >> export FIPSLIBDIR=/home/tyrel/openssl-test/dep/lib >> ./config fips no-asm no-hw --prefix="/home/tyrel/openssl-test/dep" >> make depend >> make >> make install >> >> The config script indicated that I should run make depend because >> "you've disabled or enabled at least one algorithm". But make depend >> is the step that is failing. Log is below. >> >> It's worth noting that even though make depend fails, I can run make >> just fine. Is make depend even necessary, then, in this case? >> > > You don't need to run "make depend". Also the steps you use above should > be changed. > > Set FIPSDIR only and no other environment variables before you even > build the test 2.0 module. You can only do: > > ./config > make > make install > > for the FIPS test 2.0 module build. No other options are permitted. In the > past no-asm was permitted but this time no one has (so far) sponsored the > C only build. > > For the FIPS capable build you can include additional options but > don't set --prefix in the FIPS capable build to the same directory as > FIPSDIR. The test 2.0 module and the FIPS capable OpenSSL should go in > different places. > > You can skip make depend. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
