On 7 September 2012 23:54, Steve Marquess
<marqu...@opensslfoundation.com> wrote:
> On 09/07/2012 12:24 AM, TJ wrote:
>> I'm doing a cross platform FIPS build (FIPSv2.0.1 with OpenSSL 1.01c).
>>
>> ./Configure no-asm no-hw linux-generic32
>> make -j1 -C openssl-fips
>
> Might as well stop right there as the resulting FIPS module isn't FIPS
> 140-2 validated. There is no point in using the FIPS module if you can't
> claim, and don't require, validation; it has no inherent performance or
> security advantages over regular OpenSSL (in fact it is technically
> *inferior* in both respects).
>

Actually, we do require validation, which is why I was trying to use
the FIPS module, but there are other components we need to operate
inside the logical cryptographic boundary so a separate validation
will be required anyway. This obviously means it doesn’t really matter
if I build the FIPS module in a non-compliant way.
I removed it anyway and got OpenSSL v1.0.1c to build and run, but now
the self tests (which are required for validation) don't run. Are
these self tests available as a function call in base OpenSSL without
the FIPS component? If so, how? If not, what should I do now: reload
the FIPS module and try to get it to build for my platform, or what?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
