How to remove prior FIPS build option

2010-01-14 Thread Charles Belov 

I attempted to build openssl using the FreeBSD port of openssl.

Options are set using make config as follows:

Options for openssl 0.9.8l_2
[ ] I386  Use optimzed assembler for 80386 


[X] SSE2  Use runtime SSE2 detection
[X] ZLIB  Build with zlib compression

and the Makefile shows

PORTVERSION=0.9.8l
PORTREVISION=   2

Whe I tried to make this a few days ago, I believe there were two 
additional options:  FIPS and SCTP.  I tried selecting SCTP, it didn't 
work, then I tried selecting FIPS, and got the error:


(after making all in crypto/pqueue...)

making all in fips...
make: don't know how to make /usr/local/ssl/fips-1.0/lib/fipscanister.o. 
Stop

*** Error code 2

Stop in /var/build/ports/security/openssl/work/openssl-0.9.8l/fips.
*** Error code 1

Stop in /var/build/ports/security/openssl/work/openssl-0.9.8l.
*** Error code 1

Stop in /ports/security/openssl.
*** Error code 1

thus killing the make.  I set it aside at that time, then came back to 
it today.  Even after doing the make config I continue to get the 
fips-related errors.


I see from the FreeBSD ports Web site that there was in fact a Makefile 
revision 1.161 yesterday to remove FIPS and SCTP support.  So I'm 
guessing that this is why I no longer see FIPS and SCTP as options.  But 
it also seems that make is holding on to my prior setting of the FIPS 
option.


So, my question is, how do I obliterate this obsolete option, so that I 
can make openssl without the FIPS error?


Thank you,
Charles Belov

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: How to remove prior FIPS build option

2010-01-14 Thread Kyle Hamilton 
You must download the openssl-fips.1.2.0.tar.gz package, and follow
the instructions in the companion Security Policy *precisely*.  That
is the only package that can build a fipscanister.o.

Once the fipscanister.o exists and is installed properly, then you can
build with the fips option.  Not before.

And to fix the fips problem in your source tree: 'make clean'

-Kyle H

On Wed, Jan 13, 2010 at 6:16 PM, Charles Belov docor...@sonic.net wrote:
 I attempted to build openssl using the FreeBSD port of openssl.

 Options are set using make config as follows:

 Options for openssl 0.9.8l_2
 [ ] I386  Use optimzed assembler for 80386
 [X] SSE2  Use runtime SSE2 detection
 [X] ZLIB  Build with zlib compression

 and the Makefile shows

 PORTVERSION=    0.9.8l
 PORTREVISION=   2

 Whe I tried to make this a few days ago, I believe there were two
 additional options:  FIPS and SCTP.  I tried selecting SCTP, it didn't work,
 then I tried selecting FIPS, and got the error:

 (after making all in crypto/pqueue...)

 making all in fips...
 make: don't know how to make /usr/local/ssl/fips-1.0/lib/fipscanister.o.
 Stop
 *** Error code 2

 Stop in /var/build/ports/security/openssl/work/openssl-0.9.8l/fips.
 *** Error code 1

 Stop in /var/build/ports/security/openssl/work/openssl-0.9.8l.
 *** Error code 1

 Stop in /ports/security/openssl.
 *** Error code 1

 thus killing the make.  I set it aside at that time, then came back to it
 today.  Even after doing the make config I continue to get the
 fips-related errors.

 I see from the FreeBSD ports Web site that there was in fact a Makefile
 revision 1.161 yesterday to remove FIPS and SCTP support.  So I'm guessing
 that this is why I no longer see FIPS and SCTP as options.  But it also
 seems that make is holding on to my prior setting of the FIPS option.

 So, my question is, how do I obliterate this obsolete option, so that I can
 make openssl without the FIPS error?

 Thank you,
 Charles Belov

 __
 OpenSSL Project                                 http://www.openssl.org
 User Support Mailing List                    openssl-us...@openssl.org
 Automated List Manager                           majord...@openssl.org

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org