Steve,

I followed your procedure, and this time it actually looks like it worked. =
I am confused at what I need to do now to use this build.

I ran this command: ~\apps\openssl version
It returned: OpenSSL 0.9.7j-fips-dev XX xxx XXXX

Is this the expected result? Do I need to then build another version of Op=
enSSL and link to this one somehow, or is this a usable FIPS version?

My ultimate goal is to create a key and certificate request using a FIPS ve=
rsion of OpenSSL and then somehow use OpenSSL as my Tomcat 6 SSLEngine. Cu=
rrently I have no idea how to accomplish any of this.

Any help you can provide is much appreciated.

Thank you,

Ben M. Scholl
Ennovex Solutions, Inc.
Software Engineer
DoD PKE Engineering
Phone: 703-933-9064
Fax: 703-933-9067
www.ennovex.com




-----Original Message-----
From: owner-openssl-users@openssl.org [mailtowner-openssl-users@openssl.o=
rg] On Behalf Of Dr. Stephen Henson
Sent: Thursday, March 13, 2008 2:24 PM
To: openssl-users@openssl.org
Subject: Re: OpenSSL FIPS 1.1.2 on Windows

On Thu, Mar 13, 2008, Scholl, Ben M. wrote:

>
> Would you please explain how to "properly" install the MingW environment?=

I started with a fresh installed and updated instance of Windows XP Pro S=
P2 and installed a the version of MingW and MSYS as specified in the docs. =
What else was I supposed to do and how was I supposed to configure the env=
ironment?
>


I've just gone through this process here. I've done the following:

Download MinGW-5.1.3.exe from SourceForge.
Donwload MSYS-1.0.10.exe from SourceForge.

Run MingW-5.1.3.exe. Select "download and install" from first Dialog. Selec=
t
"current version". When it asks for a list of components select "MinGW base
tools", "g++ compiler" and "MinGW make". It should install successfully.

Run MSYS-1.0.10.exe and when the post install window comes up tell it where
you installed MinGW.

Select menu option MingW->MSYS->msys

Do:

tar xvzf /path/to/openssl-fips-1.1.2.tar.gz

cd openssl-fips-1.1.2

../config fips
make
make install

The reason for the process is that it has to follow the Unix build to the
letter for the 1.1.X FIPS module.

For the (not yet validated) 1.2 Module you can use VC++ for the whole thing=
..


Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org