Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Tue, 09 Sep 2003 13:55:43 -0600, "Verdon Walker" > <[EMAIL PROTECTED]> said: > > VWalker> I have downloaded the latest FIPS snapshot (9/9) and I have a couple > VWalker> more questions about it: > VWalker> > VWalker> 1) How do I build it? If I just do a "./config" (Linux) and > VWalker> "make", it will build everything, but I'm not sure I'm > VWalker> getting all the FIPS stuff. Do I need to specify > VWalker> something like "./config -DFIPS" to get it to build the > VWalker> FIPS cryptography module? > > ./config fips > > I added the configuration option "fips" when I noticed that just > saying "-DFIPS" wasn't enough. > > VWalker> 2) It doesn't appear that optimized assembly code is part of > VWalker> the FIPS module. Is that correct? > > That's correct if you use the configuration option "fips". If you > just did './config -DFIPS', you'll get conflicts, or whatever you're > lucky to end up with (you'll see the conflicts if you also use the > configuration option "shared"). > > VWalker> 3) Once I have the FIPS crypto built, how do I use OpenSSL so > VWalker> that all SSL crypto work is done using that FIPS crypto? > > You have to specify a crypto suite that only contains DSA, DES (and > variants thereof, like DES3), AES and SHA1. Those and RAND are all > that are currently implemented as FIPS modules.
Actually, you can use RSA for signatures, too, but I forgot about it as there's no validation suite. I'll be adding it soon. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]