Browse Source

Don't give dependency warning for fips builds.

Give error for "make depend" in restricted tarball builds.

Document how restricted tarballs work.
master
Dr. Stephen Henson 12 years ago
parent
commit
f9bf6314ea
3 changed files with 24 additions and 2 deletions
  1. +1
    -1
      Configure
  2. +1
    -1
      Makefile.fips
  3. +22
    -0
      README.FIPS

+ 1
- 1
Configure View File

@ -1969,7 +1969,7 @@ EOF
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend) {
if ($depflags ne $default_depflags && !$make_depend && $fipscanisteronly != 2) {
print <<EOF;
Since you've disabled or enabled at least one algorithm, you need to do


+ 1
- 1
Makefile.fips View File

@ -540,7 +540,7 @@ report:
@$(PERL) util/selftest.pl
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
@echo make depend not supported ; false
lint:
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)


+ 22
- 0
README.FIPS View File

@ -46,6 +46,28 @@ with FIPS or fips. One way to check with GNU nm is:
nm -g --defined-only fips/fipscanister.o | grep -v -i fips
Restricted tarball tests.
The validated module will have its own tarball containing sufficient code to
build fipscanister.o and the associated algorithm tests. You can create a
similar tarball yourself for testing purposes using the commands below.
Standard restricted tarball:
make -f Makefile.fips dist
Prime field field only ECC tarball:
make NOEC2M=1 -f Makefile.fips dist
Once you've created the tarball extract into a fresh directory and do:
./config
make
You can then run the algorithm tests as above. This build automatically uses
fipscanisteronly and -DOPENSSL_FIPSYMS and no-ec2m as appropriate.
Known issues:
Algorithm tests are pre-2011.


Loading…
Cancel
Save