Thanks Jeffrey for the quick response. I have one more question.
Actually there is also a NIST Recommendations document, i.e. NIST SP 800-131 A. To satisfy the requirements for NIST SP 800-131 A:

1. Do we need to use the FIPS Object library module?
2. Do we just need to make sure that we use correct algos/keys from the standard openssl lib (without FIPS lib) to satisfy NIST SP 800-131 A requirements?

Thanks & Regards,
Nayna Jain

From: Jeffrey Walton <noloa...@gmail.com>
To: openssl-users@openssl.org
Date: 01/10/2013 04:01 PM
Subject: Re: How to link openssl FIPS 140-2 object module with openssl binary
Sent by: owner-openssl-us...@openssl.org

On Thu, Jan 10, 2013 at 3:07 AM, Nayna Jain <naynj...@in.ibm.com> wrote:
>
> Hi,
>
> I want to use FIPS compliant algorithms and keys. For that I understand, I
> need to have Openssl FIPS object library along with default openssl.
>
> However, I am not understanding how to install them. My questions are :
>
> 1. Both are tar.gz. Should I run ./Configure, make and make install for
> both of them and that is done.

No. The FIPS Object Module (openssl-fips-2.0.N/ directory) uses:
`./config fipscanisterbuild`

The FIPS Capable library uses (openssl-1.0.x/ directory):
`./config fips <options>`

> If this is the case, how does openssl link
> with FIPS object module.

Nothing special is required. You use the FIPS Capable library (libcrypto.a and libssl.a), the FIPS Capable library uses the FIPS Object Module (fipscanister.o). It's all transparent to the user.

> 2. While compiling or building openssl lib itself I need to link it to FIPS
> object module. If that is the case, where and how do I have to set that
> linking option while building.

Nothing special is required (Chapter 2 of the User Guide 2.0 is a bit misleading, IIRC). Just link against libcrypto.a, and act like fipscanister.o does not exist.

> Please guide.

As requested: openssl.org/docs/fips/UserGuide-2.0.pdf.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org