On Thu, Feb 15, 2007, David Hartman wrote: > Hi Chris, Wei, > > The normal OpenSSL config and build scripts seem to be different from > the FIPS one. My original attempts at building FIPS didn't run into a > problem until the steps to link fipscannister.o itself. This wouldn't be > an issue with the normal OpenSSL distribution. > > Here is procedure that worked for me. I was able to build this on > Solaris by performing the following steps: > > 1) Install GCC and GNU's linker. Configure GCC to use GNU's linker > (/usr/ccs/bin/ld will not work). My binary distribution of GCC required > me to create a symbolic link to the GNU's ld. GCC can be built with > appropriate flags so that this is not necessary. > 3) Download opens-fips-1.1.1. Check the digest to make sure it is > accurate as described in the User Guide for FIPS 1.0. > > 4) Unzip/untar the fips distribution > > 5) Run "./config fips". Make sure that the output says it will use gcc. > Note that "fips" was the only argument I passed to config. > > 6) Run "make". > > 7) Run "make install". > > 8) FIPS objects will be in /usr/local/ssl/lib. >
A couple of quick notes. The user guide will be updated shortly with new build instructions. These differ slightly from the 1.0 module. Firstly you *MUST* build the 1.1.1 validate sources using the following commands: ./config fips make make install You are specifically prohibited from including any other options. If additional options are specified it is a violation of the security policy and the resulting module is not validated. In order to link fipscanister.o against a newer version of OpenSSL 0.9.7 you must currently use a recent 0.9.7 snapshot. No released versions of OpenSSL 0.9.7 are yet compatible with the new module. The Windows build procedure has also changed somewhat. Details will be in the user guide. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
