On Nov 1, 2011, at 4:34 PM, Bill Durant wrote: > On Nov 1, 2011, at 4:23 PM, Dr. Stephen Henson wrote: >> On Tue, Nov 01, 2011, Bill Durant wrote: >> >>> Hello, >>> >>> What is the procedure for building a FIPS-capable OpenSSL snapshot on >>> Ubuntu 8.04.4 LTS from the following snapshots: >>> >> >> >>> ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20111031.tar.gz >>> >>> ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-20111031.tar.gz >>> >>> When I try to build it, I get the following compilation error: >>> >>> ====== >>> In file included from hm_pmeth.c:64: >>> ../evp/evp_locl.h:359:1: error: "SHA1_Init" redefined >>> In file included from /tmp/foo/include/openssl/crypto.h:151, >>> from ../cryptlib.h:72, >>> from hm_pmeth.c:59: >>> /tmp/foo/include/openssl/fipssyms.h:456:1: error: this is the location of >>> the previous definition >>> ====== >>> >>> $ ./config fipscanisterbuild no-asm >>> ... >>> ... >>> Configured for linux-elf. >>> >> >> Avoid no-asm: currently no one wants a C only platform so it wont be a >> supported platform. It will be *much* slower. > > > OK > > >> >>> >>> $ ./config fips --prefix=$FIPSDIR no-idea no-mdc2 no-rc5 no-asm >>> ... >>> ... >>> Since you've disabled or enabled at least one algorithm, you need to do >>> the following before building: >>> >>> make depend >>> >> >> Don't do "make depend" it gets a bit confused. Just doing "make" should work >> fine. >> >> Steve. > > > When I skip doing 'make depend' and just do 'make' I get the following > compilation error: > > gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC > -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H > -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall > -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT > -I/tmp/foo/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM > -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM -c -o e_bf.o e_bf.c > make[2]: *** No rule to make target `../../include/openssl/idea.h', needed by > `e_idea.o'. Stop. > make[2]: Leaving directory > `/home/bdurant/svn/trunk/Crypto/Linux/openssl-1.0.1-stable-SNAP-20111031/crypto/evp' > make[1]: *** [subdirs] Error 1 > make[1]: Leaving directory > `/home/bdurant/svn/trunk/Crypto/Linux/openssl-1.0.1-stable-SNAP-20111031/crypto' > make: *** [build_crypto] Error 1 > > What else am I missing? > > Thanks, > > Bill
I hacked my way thru this compilation error with the following: $ cd openssl-1.0.1-stable-SNAP-20111031 $ ./config fips --prefix=/tmp/foo no-idea no-mdc2 no-rc5 shared $ cp crypto/mdc2/*.h include/openssl $ cp crypto/idea/*.h include/openssl $ make Let me know if there is something wrong with doing that. Bill > > >> -- >> Dr Stephen N. Henson. OpenSSL project core developer. >> Commercial tech support now available see: http://www.openssl.org >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org