[openssl-users] What version of OpenSSL source can be built with FIPS modules?

Steve Marquess marquess at openssl.com
Tue Jan 19 19:43:07 UTC 2016


On 01/19/2016 02:30 PM, security veteran wrote:
> Thanks Steve.
> 
> I believe the OpenSSL bundled with Ubuntu basically just added some
> Ubuntu packaging stuff such as the package installation scripts, the
> dependency information, etc. The main source code should be pretty much
> the same and all the patches should still come from the OpenSSL community.
> 
> Another option I was thinking was, build the FIPS modules with the
> openssl source in Ubuntu package, and then just replace the original
> Ubuntu libcrypto.so file with the libcrypto.so which is integrated with the
> FIPS modules. Ideally this should work, or do you see any possible
> issues with doing it this way?

If the Ubuntu mods are metadata only, and all the operational source
code is intact, then that *should* work.

FWiW I once spent a lot of time hacking OSS packages for DoD in multiple
distros, and generally found it more trouble than it was worth to try
replacing bundled vendor packages, as opposed to installing a new
OpenSSL along with new versions of the OSS products that used it (such
as OpenSSH, Apache httpd, Stunnel, etc.).

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

