Yeah. You're violating the Security Policy of the FIPS-validated module, and thus you will NEVER get a validated build. READ THE SECURITY POLICY.
You need to use './config fipscanisterbuild' or './config fipscanisterbuild no-asm'. If you don't use one of these configs, you're not going to get a validated build out of it. Further, you don't use '--with-fipslibdir=$fipslibdir' -- if you used 'make install' from the FIPS validated build, 0.9.8j will automatically use the standard FIPS module installation path. (You're essentially passing '--with-fipslibdir=', which screws up where it looks for the module for the build.) Read the security policy, and read the user guide. If you don't, and you continue asking questions that show that you haven't, you're unlikely to get any more or more useful answers. -Kyle H On Thu, Jan 22, 2009 at 3:02 AM, rajan chittil <rajanchit...@gmail.com> wrote: > > Hi All, > > Can any one tell me please where i am going wrong . > > Thanks > > Rajan > On Wed, Jan 21, 2009 at 11:52 PM, joshi chandran > <joshichandran...@gmail.com> wrote: >> >> I have used the same security policy step . >> >> openssl fips 1.2 >> 1. ./Configure fipscansiterbuild aix-cc >> 2. make >> 3. make install >> >> openssl 9.8j >> 1. ./Configure -DSSL_ALLOW_ADH --prefix=/usr --openssldir=/var/ssl >> --with-fipslibdir=$fipslibdir fips no-idea no-rc5 no-ec no-symlinks shared >> threads aix-xlc_r >> 2. make >> 3. make test >> >> Can u please tell me where i have gone wrong >> >> Thanks >> >> Rajan >> On Wed, Jan 21, 2009 at 10:50 PM, Dr. Stephen Henson <st...@openssl.org> >> wrote: >>> >>> On Wed, Jan 21, 2009, rajanchittil wrote: >>> >>> > >>> > Hi All, >>> > >>> > I am new to openssl and i am first time building openssl source code . >>> > >>> > I have build openssl fips 1.2 >>> > >>> > ./Configure fipscansiterbuild aix-cc >>> > make >>> > >>> > It generated the fips module >>> > >>> >>> That build procedure violates the security policy so the result is not >>> validated. >>> >>> Steve. >>> -- >>> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage >>> OpenSSL project core developer and freelance consultant. >>> Homepage: http://www.drh-consultancy.demon.co.uk >>> ______________________________________________________________________ >>> OpenSSL Project http://www.openssl.org >>> User Support Mailing List openssl-users@openssl.org >>> Automated List Manager majord...@openssl.org >> >> >> >> -- >> Regards >> Joshi Chandran > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
