On Wed, Jan 23, 2013, Zeke Evans wrote:

> Hi,
>
> I'm getting compilation errors trying to build 1.0.1c with fips-2.0 on
> Windows without ECC. It looks like by default "no-ecdh" and
> "no-ecdsa" are set, but libeay.dll shows several EC* symbols being
> exported. When I add "no-ec" as a parameter to the Configure script
> the build fails early on with this error:
>
> perl Configure VC-WIN64A no-ec fips --with-fipslibdir...
>
> cl /Fotmp32dll\o_fips.obj -Iinc32 -Itmp32dll /MD /Ox
> -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo
> -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE
> -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2
> -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m
> -I\usr\local\ssl\fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
> -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
> -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5
> -DOPENSSL_NO_KRB5 -DOPENSSL_NO_EC -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ECDH
> -DOPENSSL_NO_GOST -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE
> -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL
> -DOPENSSL_BUILD_SHLIBCRYPTO -c .\crypto\o_fips.c
> o_fips.c
> c:\source\1.0.1c\inc32\openssl/ec.h(82) : fatal error C1189: #error :
> EC is disabled.
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
> Studio 10.0\VC\BIN\x86_amd64\cl.EXE"' : return code '0x2'
> Stop.
>
> Is it possible to build with fips-2.0 and disable ECC? I realize ecdh
> and ecdsa are disabled, but I am concerned about licencing issues
> since there are several ECC symbols still being exported.
>

There is no option to disable EC in the FIPS module itself so that would
still include EC functionality even if you completely disable it in the
FIPS capable OpenSSL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
