On Thu, Jul 23, 2009, Michael Kurecka wrote:
> Just to be clear
>
> my current config is:
> ./config fipscanisterbuild no-asm (in the FIPS 1.2 directory)
> make
> ./config fips (in the 0.9.8k directory)
> make
>
> I attempted:
> ./config -d fipscanisterbuild no-asm (in the FIPS 1.2 directory)
> make
> ./config -d fips (in the 0.9.8k directory)
> make
>
> but it said that debug-linux-generic32 was not supported so I figure this is
> what I should try:
> ./Configure debug-linux-elf fipscanisterbuild no-asm (in the FIPS 1.2
> directory)
> make
> ./config debug-linux-elf fips (in the 0.9.8k directory)
> make
>
You don't need to bother with the 1.2 tarball for this. Since the result isn't
validated you might as well use 0.9.8k for everything: it's one less OpenSSL
distro to compile up.
I'd suggest:
./Configure debug-linux-elf-noefence fipscanisterbuild
You can add no-asm if you wish too.
[AGAIN FOR SOMEONE READING THIS OUT OF CONTEXT: this is being done for debug
purposes and will NOT result in a validated module(*)]
> and comment out this code in fips.c (do I do that both the fips module 1.2
> and 0.9.8k or one or the other)
>
> if(!FIPS_check_incore_fingerprint())
> {
> fips_selftest_fail = 1;
> ret = 0;
> goto end;
> }
> Is that right?
Just 0.9.8k as the 1.2 tarball isn't being used at all for this.
Steve.
* If anyone thinks this is paranoid you should see some of the stuff that gets
"adopted" all over the place. I'm still expecting some cookbook somewhere to
snip this, the disclaimer and my name and claim it is the definitive thing
to do.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
