[openssl-users] Configure and config in openssl source folder

Kyle Hamilton aerowolf at gmail.com
Wed Feb 10 20:37:34 UTC 2016

My understanding is, you must follow the steps given in the Security
Guide *exactly*, with no deviation, in order to produce a validated
binary of the FIPS canister.  In other words, you *must not* try to use
Configure when attempting to build the FIPS canister because it does not
match the steps given in the Security Guide.

Once you have the FIPS canister, you can build a version of OpenSSL that
uses it pretty much indiscriminately (as long as you ensure that all the
things that fipsld does actually happen when it comes time to link).

(I apologize if my knowledge is out of date, I haven't been following
the FIPS development for a couple of years.)

-Kyle H

On 2/10/2016 12:23 PM, cloud force wrote:
> Hi Everyone,
> I am trying to build FIPS capable OpenSSL as an Ubuntu 12.04 package.
> From the OpenSSL doc it mentioned we need to do ./config fips in order
> to build openssl under tips mode. I tried that and it worked well.
> Now I am building the OpenSSL FIPS as a Ubuntu package. I noticed the
> package manager meta script use the Configure (instead of config
> script) under the openssl source folder.
> I was wondering should I also do "Configure fips", if I use the
> Configure script to configure the source tree? What's the relationship
> between config and Configure scripts?
> Or should I just run ./config fips first and then let the package
> manager script to run Configure?
> Thanks.
> Rich

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160210/61e0a43d/attachment.html>

More information about the openssl-users mailing list