1 Preliminary status and build information for FIPS module v2.0
3 To build the module do:
5 ./config fipscanisterbuild
8 Build should complete without errors.
14 again should complete without errors.
18 1. Download an appropriate set of testvectors from www.openssl.org/docs/fips
19 those for 2007 are OK.
21 2. Extract the files to a suitable directory.
23 3. Run the test vector perl script, for example:
26 perl fipsalgtest.pl --dir=/wherever/stuff/was/extracted
28 4. It should say "passed all tests" at the end. Report full details of any
31 Run symbol hiding test:
33 ./config fipscanisteronly -DOPENSSL_FIPSSYMS
36 This time only the fips utilities should be built.
38 Examine the external symbols in fips/fipscanister.o they should all begin
39 with FIPS or fips. One way to check with GNU nm is:
41 nm -g --defined-only fips/fipscanister.o | grep -v -i fips
45 Algorithm tests are pre-2011.
46 The fipslagtest.pl script wont auto run new algorithm tests such as DSA2.
48 No primitives tests for ECDH/DH
49 Selftests need updating with larger key sizes in some cases and redundant