openssl/README.FIPS
Dr. Stephen Henson f9bf6314ea Don't give dependency warning for fips builds.
Give error for "make depend" in restricted tarball builds.

Document how restricted tarballs work.
2011-04-11 00:22:42 +00:00

86 lines
2.2 KiB
Plaintext

Preliminary status and build information for FIPS module v2.0
To build the module do:
./config fipscanisterbuild
make
Build should complete without errors.
Run test suite:
test/fips_test_suite
again should complete without errors.
Run test vectors:
1. Download an appropriate set of testvectors from www.openssl.org/docs/fips
those for 2007 are OK.
2. Extract the files to a suitable directory.
3. Run the test vector perl script, for example:
cd fips
perl fipsalgtest.pl --dir=/wherever/stuff/was/extracted
4. It should say "passed all tests" at the end. Report full details of any
failures.
Run:
make clean
to remove any object modules from previous compile.
Run symbol hiding test:
./config fipscanisteronly -DOPENSSL_FIPSSYMS
make
This time only the fips utilities should be built.
Examine the external symbols in fips/fipscanister.o they should all begin
with FIPS or fips. One way to check with GNU nm is:
nm -g --defined-only fips/fipscanister.o | grep -v -i fips
Restricted tarball tests.
The validated module will have its own tarball containing sufficient code to
build fipscanister.o and the associated algorithm tests. You can create a
similar tarball yourself for testing purposes using the commands below.
Standard restricted tarball:
make -f Makefile.fips dist
Prime field field only ECC tarball:
make NOEC2M=1 -f Makefile.fips dist
Once you've created the tarball extract into a fresh directory and do:
./config
make
You can then run the algorithm tests as above. This build automatically uses
fipscanisteronly and -DOPENSSL_FIPSYMS and no-ec2m as appropriate.
Known issues:
Algorithm tests are pre-2011.
The fipslagtest.pl script wont auto run new algorithm tests such as DSA2.
Usage of ECDH/DH needs review and whether any KDFs need to be implemented.
Selftests need updating with larger key sizes in some cases and redundant
tests pruned.
SP800-90 DRBG needs more work: check for compliance, continuous PRNG test
when entropy gathering, periodic health tests.
Some algorithms need to check security strength of PRNG: keygen etc.
No CCM.
No XTS.
The "FIPS capable OpenSSL" is not yet complete: meaning that the rest of
OpenSSL doesn't always use the correct FIPS module APIs and block others
in FIPS mode.