Dear all,
( On a Linux 2.6.32 x86_64 ) I'm trying to build a
FIPS 2 openssl When I configure the fips code, config spits out as
warning....
#cd openssl-fips-2.0-test-20120416
#./config
Configured for linux-x86_64.
WARNING: OpenSSL has been configured using unsupported option(s) to internally
generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
OpenSSL FIPS Object Module as identified by the CMVP
(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
140-2 validated software.
This is a test OpenSSL 2.0 FIPS module.
See the file README.FIPS for details of how to build a test library.
I *assume* that the warning is because we are using test software,
rather than configuration problems ?
And that the correct procedure is just "./config" rather than
"./config fipcanisteronly", which the README.FIPS suggests ?
Secondly, once fipscansiter is built, ( and installed to
/usr/local/ssl/fips-2.0 ), I should be using ...
#cd openssl-1.0.1
#./config fips shared ( I want fipscanister in libcrypto.so.1 )
Is it ok to use fipscanister inside libcrypto this way ?
Many thanks,
Simon Convey
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
