My mistake in the subject line in previous mail. What I have actually downloaded is FIPS 2.0. The questions below are still valid.
Alex On Mar 16, 2012, at 6:48 PM, Alex Chen <alex_c...@filemaker.com> wrote: > I have downloaded the OpenSSL 1.0.1 and FIPS object module v2.0. Both will > build a libcrypto.a library. I have some questions and hope someone can > clarify them for me. > This FIPS thing is totally new so please if forgive me if the questions are > off the target. > > 1. Is the crypto code in FIPS a subset of the OpenSSL source? Does it > include only FIPS approved cryptographic algorithms? > > 2. I assume libssl depends on libcrypto so if I need to use libcrypto in > addition to SSL, should I build OpenSSL to get both libssl and libcrypto and > replace libcrypto with the one built from FIPS? > > 3. Is the 'FIPS_mode_set' API defined only in libcrypto built from the FIPS > object module source? > > 4. The 'fips' configuration is accepted in Configure, but not document in the > script. What is the use of 'fips' configuration setting when building > OpenSSL? > When I run > ./config threads shared fips no-hw zlib-dynamic no-idea no-rc2 no-rc4 > no-rc5 no-camellia no-bf > make depend > make > make test > > I get the following errors during 'make test' phase > > Doing certs > testing... > cc -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB_SHARED -DZLIB > -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 > -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS > -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m > -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM > -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c > -o bntest.o bntest.c > (cd ..; make DIRS=crypto all) > making all in crypto... > cc -I. -I.. -I../include -fPIC -fno-common -DOPENSSL_PIC -DZLIB_SHARED > -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 > -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS > -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m > -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM > -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c > -o o_fips.o o_fips.c > o_fips.c:60:26: error: openssl/fips.h: No such file or directory > o_fips.c:61:31: error: openssl/fips_rand.h: No such file or directory > o_fips.c: In function ‘FIPS_mode_set’: > o_fips.c:84: warning: passing argument 1 of ‘RAND_set_rand_method’ makes > pointer from integer without a cast > make[3]: *** [o_fips.o] Error 1 > make[2]: *** [build_crypto] Error 1 > make[1]: *** [../libcrypto.a] Error 2 > make: *** [tests] Error 2 > > > 5. What is the incore script for? If I run it without any parameters under > MacOS 10.7, I get the error instead of usage > > $ ./incore > Modification of non-creatable array value attempted, subscript -1 at > ./incore line 366. > > > Alex > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org