<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
My understanding is, you must follow the steps given in the Security
Guide *exactly*, with no deviation, in order to produce a validated
binary of the FIPS canister. In other words, you *must not* try to
use Configure when attempting to build the FIPS canister because it
does not match the steps given in the Security Guide.<br>
<br>
Once you have the FIPS canister, you can build a version of OpenSSL
that uses it pretty much indiscriminately (as long as you ensure
that all the things that fipsld does actually happen when it comes
time to link).<br>
<br>
(I apologize if my knowledge is out of date, I haven't been
following the FIPS development for a couple of years.)<br>
<br>
-Kyle H<br>
<br>
<div class="moz-cite-prefix">On 2/10/2016 12:23 PM, cloud force
wrote:<br>
</div>
<blockquote
cite="mid:CAEsYawxBWLsq_h1DhFaUVpWAAs5pbgQw0He3M7YhH0YVneWX=Q@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Everyone,
<div><br>
</div>
<div>I am trying to build FIPS capable OpenSSL as an Ubuntu
12.04 package.</div>
<div><br>
</div>
<div>From the OpenSSL doc it mentioned we need to do ./config
fips in order to build openssl under tips mode. I tried that
and it worked well.</div>
<div><br>
</div>
<div>Now I am building the OpenSSL FIPS as a Ubuntu package. I
noticed the package manager meta script use the Configure
(instead of config script) under the openssl source folder.</div>
<div><br>
</div>
<div>I was wondering should I also do "Configure fips", if I use
the Configure script to configure the source tree? What's the
relationship between config and Configure scripts?</div>
<div><br>
</div>
<div>Or should I just run ./config fips first and then let the
package manager script to run Configure?</div>
<div><br>
</div>
<div>Thanks.</div>
<div>Rich</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>