On Thu, Jan 8, 2009 at 7:58 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
> If you want to move the validated module elsewhere afterwards you can do
> provided you keep to the permission requirements of the security policy.
>
> Once you've installed the validated module you can then use OpenSSL 0.9.8j to
> build a usable version of OpenSSL which links against the validated module.
OK. Juggling a bit, I get a finished openssl+fips build.
Doing instead,
cd /usr/local/src/openssl/openssl-fips-*
./config fipscanisterbuild
make
make install
mv /usr/local/ssl/fips-1* /usr/local/ssl-fips
then, as above,
cd /usr/local/src/openssl/openssl-0.9.8j
...
./config fips fips --with-fipslibdir=/usr/local/ssl-fips/lib ...
make depend
...
makedepend: warning: cannot open "ppc"
making depend in ssl...
makedepend: warning: cannot open "ppc"
making depend in engines...
makedepend: warning: cannot open "ppc"
making depend in apps...
makedepend: warning: cannot open "ppc"
making depend in test...
makedepend: warning: cannot open "ppc"
making depend in tools...
make[1]: Nothing to be done for `depend'.
then,
make
now completes with a few warnings, but no apparent errors,
...
/usr/local/ssl-fips/lib/fips_premain.c: In function
'FINGERPRINT_premain':
/usr/local/ssl-fips/lib/fips_premain.c:94: warning: incompatible
implicit declaration of built-in function '_exit'
/usr/local/ssl-fips/lib/fips_premain.c:109: warning: incompatible
implicit declaration of built-in function '_exit'
/usr/local/ssl-fips/lib/fips_premain.c:115: warning: incompatible
implicit declaration of built-in function '_exit'
/usr/local/ssl-fips/lib/fips_premain.c: In function
'FINGERPRINT_premain':
/usr/local/ssl-fips/lib/fips_premain.c:94: warning: incompatible
implicit declaration of built-in function '_exit'
/usr/local/ssl-fips/lib/fips_premain.c:109: warning: incompatible
implicit declaration of built-in function '_exit'
/usr/local/ssl-fips/lib/fips_premain.c:115: warning: incompatible
implicit declaration of built-in function '_exit'
...
checking the build,
make test
make report
cat testlog
returns correctly (I think ...),
cat testlog
OpenSSL self-test report:
OpenSSL version: 0.9.8j
Last change: Properly check EVP_VerifyFinal() and similar return val...
Options: --prefix=/usr/local/ssl
--openssldir=/usr/local/ssl enable-shared fips
--with-fipslibdir=/usr/local/ssl-fips/lib -DUSE_TOD enable-threads
enable-idea enable-rc5 enable-mdc2 enable-sha1 enable-sha256
enable-sha384 enable-sha512 enable-rmd160 -L/usr/local/lib enable-zlib
no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-montasm
no-rfc3779 no-seed no-zlib-dynamic
OS (uname): Darwin ws.local 9.6.0 Darwin Kernel Version 9.6.0:
Mon Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power
Macintosh
OS (config): ppc-apple-darwinDarwin Kernel Version 9.6.0: Mon
Nov 24 17:39:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC
Target (default): darwin-ppc-cc
Target: darwin-ppc-cc
Compiler: Using built-in specs.
Target: powerpc-apple-darwin9
Configured with: /var/tmp/gcc_42/gcc_42-5566~1/src/configure
--disable-checking --enable-werror --prefix=/usr
--mandir=/usr/share/man --enable-languages=c,objc,c++,obj-c++
--program-transform-name=/^[cg][^.-]*$/s/$/-4.2/
--with-slibdir=/usr/lib --build=i686-apple-darwin9
--with-gxx-include-dir=/usr/include/c++/4.0.0 --program-prefix=
--host=powerpc-apple-darwin9 --target=powerpc-apple-darwin9
Thread model: posix
gcc version 4.2.1 (Apple Inc. build 5566)
Test passed.
& after
make install
i finally end up with,
openssl version
OpenSSL 0.9.8j-fips 07 Jan 2009
thanks!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
