Include big warning message if test fipscanister.o compilation option used.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 21 Feb 2007 18:16:25 +0000 (18:16 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 21 Feb 2007 18:16:25 +0000 (18:16 +0000)
Configure

index c5ba750047d5c664ea56c2c5afb0703ca03769b4..8cbb4b2e0645b6eb9a05dd0b4da06148bf505179 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -843,6 +843,16 @@ PROCESS_ARGS:
                        # The check for the option is there so scripts aren't
                        # broken
                        }
+               elsif (/^nofipscanistercheck$/)
+                       {
+                       $nofipscanistercheck = 1;
+                       }
+               elsif (/^fipscanisterbuild$/)
+                       {
+                       $nofipscanistercheck = 1;
+                       $fipslibdir="";
+                       $fipscanisterinternal="y";
+                       }
                elsif (/^[-+]/)
                        {
                        if (/^-[lL](.*)$/)
@@ -873,16 +883,6 @@ PROCESS_ARGS:
                                {
                                $withargs{"zlib-lib"}=$1;
                                }
-                       elsif (/^--nofipscanistercheck$/)
-                               {
-                               $nofipscanistercheck = 1;
-                               }
-                       elsif (/^--fipscanisterbuild$/)
-                               {
-                               $nofipscanistercheck = 1;
-                               $fipslibdir="";
-                               $fipscanisterinternal="y";
-                               }
                        elsif (/^--with-fipslibdir=(.*)$/)
                                {
                                $fipslibdir="$1/";
@@ -1640,6 +1640,17 @@ libraries on this platform, they will at least look at it and try their best
 (but please first make sure you have tried with a current version of OpenSSL).
 EOF
 
+print <<\EOF if ($fipscanisterinternal);
+
+WARNING: OpenSSL has been configured using unsupported option(s) to internally
+generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
+compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
+OpenSSL FIPS Object Module as identified by the CMVP
+(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
+140-2 validated software. 
+
+EOF
+
 exit(0);
 
 sub usage