[openssl-users] Configure and config in openssl source folder
aerowolf at gmail.com
Wed Feb 10 20:57:48 UTC 2016
./config autodetects the platform and such, passing various parameters
to Configure. So, after you've built the canister, you can do as you want.
So, to do this, figure out from ./config what parameters it passes to
Configure in the presence of the 'fips' argument, then modify the
command line the packaging script invokes accordingly.
On 2/10/2016 12:47 PM, cloud force wrote:
> Thanks Kyle.
> Yes, for building FIPS canister I did exactly the same thing as it
> mentioned in the security policy doc.
> My questions above were mainly regarding building the OpenSSL library
> itself with the fipscanister.o modules.
> In the doc it said we should just do "/*config fips*/", and since the
> Ubuntu OpenSSL packaging script does not run /*config*/ script and it
> run /*Configure*/ script instead, I was wondering should I still run
> "./config tips" before run the Configure script, or should I just run
> "Configure fips" instead?
> On Wed, Feb 10, 2016 at 12:37 PM, Kyle Hamilton <aerowolf at gmail.com
> <mailto:aerowolf at gmail.com>> wrote:
> My understanding is, you must follow the steps given in the
> Security Guide *exactly*, with no deviation, in order to produce a
> validated binary of the FIPS canister. In other words, you *must
> not* try to use Configure when attempting to build the FIPS
> canister because it does not match the steps given in the Security
> Once you have the FIPS canister, you can build a version of
> OpenSSL that uses it pretty much indiscriminately (as long as you
> ensure that all the things that fipsld does actually happen when
> it comes time to link).
> (I apologize if my knowledge is out of date, I haven't been
> following the FIPS development for a couple of years.)
> -Kyle H
> On 2/10/2016 12:23 PM, cloud force wrote:
>> Hi Everyone,
>> I am trying to build FIPS capable OpenSSL as an Ubuntu 12.04 package.
>> From the OpenSSL doc it mentioned we need to do ./config fips in
>> order to build openssl under tips mode. I tried that and it
>> worked well.
>> Now I am building the OpenSSL FIPS as a Ubuntu package. I noticed
>> the package manager meta script use the Configure (instead of
>> config script) under the openssl source folder.
>> I was wondering should I also do "Configure fips", if I use the
>> Configure script to configure the source tree? What's the
>> relationship between config and Configure scripts?
>> Or should I just run ./config fips first and then let the package
>> manager script to run Configure?
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users