Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Branch: OpenSSL-fips-0_9_8-stable
Branches Tags
openssl
/
README.FIPS

README.FIPS 2.6 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. Brief instructions on using OpenSSL 0.9.8 FIPS 140-2 test branch.
    2. 

  2. 

  3. NOTE: this distribution is NOT FIPS140-2 validated. These instructions are
    4. 

  4. intended for people who wish to test the OpenSSL FIPS 140-2 1.2 module. More
    5. 

  5. complete instructions will be made available after validation.
    6. 

  6. 

  7. 1. Build from test tarball.
    8. 

  8. 

  9. Download the OpenSSL test 1.2 source tree. The current version has the CVS tag
    10. 

  10. FIPS_098_TEST_8 or can be downloaded from:
    11. 

  11. 

  12. ftp://ftp.openssl.org/snapshot/openssl-fips-test-1.2.0.tar.gz
    13. 

  13. 

  14. Ignore any instructions in that tree: they are likely to be out of date.
    15. 

  15. 

  16. If you are using a Unix like environment run the following commands. You may
    17. 

  17. NOT specify ANY other options at this stage.
    18. 

  18. 

  19. ./config fipscanisterbuild
    20. 

  20. make
    21. 

  21. make install
    22. 

  22. 

  23. This will build and install the test 1.2 module and binaries under
    24. 

  24. /usr/local/fips-1.0
    25. 

  25. 

  26. For Windows you need VC++, perl and NASM installed. This is now a pure VC++
    27. 

  27. build: no alternative compilers or tools are required. From a VC++ environment
    28. 

  28. do:
    29. 

  29. 

  30. ms\do_fips
    31. 

  31. 

  32. It should report that the compile was successful.
    33. 

  33. 

  34. This will compile binaries into the out32dll directory. They can be copied to
    35. 

  35. a more convenient location.
    36. 

  36. 

  37. 2. Link test module to a more recent version of OpenSSL.
    38. 

  38. 

  39. Once the test module has been installed it can be linked against a more recent
    40. 

  40. version of OpenSSL. Currently only versions from the 0.9.8-fips stable branch
    41. 

  41. can be used. It has the CVS tag OpenSSL-fips-0_9_8-stable daily snaphots can
    42. 

  42. also be downloaded as:
    43. 

  43. 

  44. ftp://ftp.openssl.org/snapshot/openssl-0.9.8-fips-test-SNAP-YYMMDD.tar.gz
    45. 

  45. 

  46. For a Unix build the standrd build procedure is followed and the option "fips"
    47. 

  47. is passed to either the config or Configure scripts. The fipscanisterbuild
    48. 

  48. option MUST NOT be used. Any other options may be included. Static libraries
    49. 

  49. can be built using the no-shared option.
    50. 

  50. 

  51. For example:
    52. 

  52. 

  53. ./config fips
    54. 

  54. 

  55. ./config fips no-shared
    56. 

  56. 

  57. For Windows builds the options "fips" and --with-fipslibdir=<path> are passed
    58. 

  58. to the Configure script where <path> is wherever the module was installed
    59. 

  59. For example:
    60. 

  60. 

  61. perl Configure fips --with-fipslibdir=C:\some\path\fips
    62. 

  62. 

  63. Then the build process continues in the normal way for example:
    64. 

  64. 

  65. ms\do_nasm
    66. 

  66. nmake -f ms\ntdll.mak
    67. 

  67. 

  68. for DLLs or
    69. 

  69. 

  70. ms\do_nasm
    71. 

  71. nmake -f ms\nt.mak
    72. 

  72. 

  73. for static builds.
    74. 

  74. 

  75. 3. Test new version of OpenSSL.
    76. 

  76. 

  77. The new test FIPS enabled OpenSSL can now be tested in the usual way.
    78. 

  78. 

  79. Additionally binary compatibility tests against OpenSSL 0.9.8x would be
    80. 

  80. MOST welcomed. This will help avoid any major issues when the 0.9.8-fips
    81. 

  81. branch is merged into 0.9.8 branch.
    82. 

  82. 

  83. Any problems should be reported to the openssl-dev mailing list.
    84. 

  84.