Hi Bill, I have installed the openssl-fips-test-1.2.0 using the following commands
./config fipscanisterbuild make make install and the libraray is installed in the /usr/local/ssl and i have generated tehe fipscanister.o, fipscanister.o.sha1, fips_premain.c, fips_premian.c.sha1, lipcrypto.so now i have download openssl-0.9.8b-stable-SNAP but i am unable to compile it. I did ./config fips shared --with-fipslibdir=/usr/local/ssl/fips-1.0/lib/ --prefix=/usr/openssl-0.9.8b-SNAP make depend but i am getting the error "make: *** No rule to make target `depend`. Stop" if a use make instead of make depend then it says "make: *** No targets specified and nomake file found. Stop." Could you please tell me how to compile it ??? On 6/27/08, Bill Colvin <[EMAIL PROTECTED]> wrote: > > Rabail: In addition to the Security Policy > http://www.openssl.org/docs/fips/SecurityPolicy-1.1.2.pdf take a look at > section 4.2 of the User Guide > http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf In particular in > section 4.2.3 when it is talking about building a FIPS-capable OpenSSL, you > use 0.9.7m at that point > > > > The steps you would use would go something like this: > > > > cd /usr/src > > tar -xvf openssl-fips-1.1.2.tar.gz > > cd openssl-fips-1.1.2 > > ./config fips > > make > > make install > > cd .. > > rm -rf openssl-fips-1.1.2 > > > > tar -xvf openssl-0.9.7m.tar.gz > > cd openssl-0.9.7m > > ./config fips --openssldir=/etc/ssl --prefix=/usr zlib-dynamic <other > options except shared> > > make depend > > make MANDIR=/usr/share/man > > make MANDIR=/usr/share/man install > > > > > > The "make depend" is only required if options selected during config > require it. A message will appear at the end of the config if it is needed. > > > > Bill > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto: > [EMAIL PROTECTED] *On Behalf Of *rabail javed > *Sent:* June 27, 2008 9:53 AM > *To:* openssl-users@openssl.org > *Cc:* James Erskine; Rifaat Shekh-Yusef > *Subject:* Re: upgrading openssl 0.9.8b to openssl-fips-1.1.1 > > > > Thanx a lot Bill, but if i would install openssl-fips-1.1.2 , do i need > 0.9.7m with it. > > On Thu, Jun 26, 2008 at 5:00 PM, Bill Colvin <[EMAIL PROTECTED]> > wrote: > > Rabail: openssl-fips-1.1.1 is a 0.9.7 based version of openssl. > Therefore, you will be downgrading your 0.9.8b version if you choose to do > this. > > > > Also, you should be using openssl-fips-1.1.2 now not openssl-fips-1.1.1 as > it has fixed a minor problem with the earlier version. You may want to > consider working with the snapshot version openssl-fips-test-1.2.0 which is > the 0.9.8 based version that is currently undergoing FIPS examination. > > > > With regard to the process, you have to first build the fips canisters as > described in the docs. You then end up with the fips pieces in /usr/local. > > > > Then you build a fips capable version of openssl to reside in the target > directories of your choice. If you are using openssl-fips-1.1.1 then you > would do this with openssl-0.9.7m > > > > Bill > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto: > [EMAIL PROTECTED] *On Behalf Of *rabail javed > *Sent:* June 26, 2008 4:23 PM > *To:* openssl-users@openssl.org > *Cc:* James Erskine; Rifaat Shekh-Yusef > *Subject:* upgrading openssl 0.9.8b to openssl-fips-1.1.1 > > > > Hi , > > I am upgrading the openssl 0.9.8b to openssl-fips-1.1.1. For doing this i > need to delete the previous version and install the newer version according > the instructions specified in > http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp733.pdf > > By default all the files(bin, include and lib) will be installed to > /usr/local/. I dont want to install in these directories, I want to install > in the existing directories used by the 0.9.8b version which are different . > I can change the installation directory using ./config command and giving > the prefix and openssl directory of my own choice. But according to the > above document "Appendix B" i cannot give any other confiugration options. > Could you please tell me the way to install openssl-fips-1.1.1 version in > the old directories used by the openssl0.9.8b. > > > -- > Regards, > Rabail Javed > > Telecommunications Software Designer > NORTEL NETWORKS CORPORATION > Canada > cell: 1-613-242-1316 > > > > > -- > Regards, > Rabail Javed > > Telecommunications Software Designer > NORTEL NETWORKS CORPORATION > Canada > cell: 1-613-242-1316 > -- Regards, Rabail Javed Telecommunications Software Designer NORTEL NETWORKS CORPORATION Canada cell: 1-613-242-1316
