Re: [openssl-users] Configure and config in openssl source folder

2016-02-10 Thread Kyle Hamilton
The FIPS module will explicitly deny any attempt to use unapproved algorithms when it's in FIPS mode. It's only when it's not in FIPS mode that you might be able to use the unapproved algorithms, because the generated library will use the original code and not the FIPS canister. So, if you want t

Re: [openssl-users] Configure and config in openssl source folder

2016-02-10 Thread cloud force
Thanks Kyle. So basically I can just use Configure for building FIPS capable OpenSSL library, as long as I pass the right parameters to it, right? Also, if I use Configure, do I need to explicitly turn off the non-FIPS approved algorithms, like passing "no-rc4" as a parameter to the Configure comman

Re: [openssl-users] Configure and config in openssl source folder

2016-02-10 Thread Kyle Hamilton
./config autodetects the platform and such, passing various parameters to Configure. So, after you've built the canister, you can do as you want. So, to do this, figure out from ./config what parameters it passes to Configure in the presence of the 'fips' argument, then modify the command line the

Re: [openssl-users] Configure and config in openssl source folder

2016-02-10 Thread Kyle Hamilton
On 2/10/2016 12:47 PM, Steve Marquess wrote:
> Since you're required to start with the official tarball, and aren't
> allowed to change the contents of the tarball, not even a teeny tiny
> little bit, there is no point in dumping the tarball contents into
> your local source code management/versi

Re: [openssl-users] Configure and config in openssl source folder

2016-02-10 Thread Steve Marquess
On 02/10/2016 03:23 PM, cloud force wrote:
> Hi Everyone,
>
> I am trying to build FIPS capable OpenSSL as an Ubuntu 12.04 package.
>
> From the OpenSSL doc it mentioned we need to do ./config fips in order
> to build openssl under FIPS mode. I tried that and it worked well.
>
> Now I am buildin

Re: [openssl-users] Configure and config in openssl source folder

2016-02-10 Thread cloud force
Thanks Kyle. Yes, for building FIPS canister I did exactly the same thing as it mentioned in the security policy doc. My questions above were mainly regarding building the OpenSSL library itself with the fipscanister.o modules. In the doc it said we should just do "*config fips*", and since the

Re: [openssl-users] Configure and config in openssl source folder

2016-02-10 Thread Kyle Hamilton
My understanding is, you must follow the steps given in the Security Guide *exactly*, with no deviation, in order to produce a validated binary of the FIPS canister. In other words, you *must not* try to use Configure when attempting to build the FIPS canister because it does not match the steps g