'no-asm' used to be a violation of the security policy with the 1.1.x series, but it is explicitly allowed in the 1.2 policy.
If you read it, you too will see this. :) -Kyle H On Fri, Jan 9, 2009 at 3:13 PM, PGNet <pgnet.trash+...@gmail.com> wrote: > Kyle, > > On Fri, Jan 9, 2009 at 2:37 PM, Kyle Hamilton <aerow...@gmail.com> wrote: >> Delete the directory, untar it fresh, and reconfigure with that config line. > > ok, > >> rm -rf openssl-fips-1.2 >> tar zxf openssl-fips-1.2.tar.gz >> cd openssl-fips-1.2/ > Directory: /usr/local/src/openssl/openssl-fips-1.2 >> ./config fipscanisterbuild no-asm > Operating system: i686-whatever-linux2 > Configuring for linux-elf > Configuring for linux-elf > no-asm [option] OPENSSL_NO_ASM > ... > make[1]: Nothing to be done for `all'. > make[1]: Leaving directory `/usr/local/src/openssl/openssl-fips-1.2/tools' >> > >> What you're seeing is a situation caused by prior builds not being >> completely cleaned. The problem is that if you do anything that isn't >> in the security policy (including 'make clean'), the result cannot be >> claimed to be FIPS-validated. > > got it. but it poses an interesting quandary ... isn't adding "no-asm" > (or anything, for that matter) to the command line in violation of the > security policy as well? > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
