Re: FIPS 1.2
On Wed, Jul 09, 2008, Jan F. Schnellbaecher wrote:
> Hi Stephen,
> I have downloaded
> ftp://ftp.openssl.org/snapshot/openssl-fips-test-1.2.0.tar.gz, extracted it
> ./config fipscanisterbuild
> make install
> and then
> make clean
> ./config fips shared no-idea no-mdc2
> make depend
> The libraries have been built and it was possible to load the libcrypto.so
> dynamically, to load the FIPS_mode_set function and to call it successfully
> (return code 1). But there are many warnings that sound dangerous. I have
> pasted some below. Any idea what causes this and how I can avoid it?
The cause is OpenSSL doing some things which gcc 4.2 doesn't like. These have
been corrected in newer versions of OpenSSL but not when the source
was submitted for testing.
Subsequent validations will address this issue.
However... the validated source is only needed to build fipscanister.o and
none of those warnings affect that.
So you can use a new FIPS capable OpenSSL and link it against the test 1.2
For example download:
and build shared libraries using that.
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.