mirror of
https://github.com/openssl/openssl.git
synced 2025-12-20 01:22:19 +08:00
Update FIPS-README.md to reflect latest versions
Some checks failed
GitHub CI / check_update (push) Has been cancelled
GitHub CI / check_docs (push) Has been cancelled
GitHub CI / check-ansi (push) Has been cancelled
GitHub CI / basic_gcc (push) Has been cancelled
GitHub CI / basic_clang (push) Has been cancelled
GitHub CI / linux-arm64 (push) Has been cancelled
GitHub CI / freebsd-x86_64 (push) Has been cancelled
GitHub CI / minimal (push) Has been cancelled
GitHub CI / no-deprecated (push) Has been cancelled
GitHub CI / no-shared-ubuntu (push) Has been cancelled
GitHub CI / no-shared-macos (macos-13) (push) Has been cancelled
GitHub CI / no-shared-macos (macos-14) (push) Has been cancelled
GitHub CI / non-caching (push) Has been cancelled
GitHub CI / address_ub_sanitizer (push) Has been cancelled
GitHub CI / fuzz_tests (push) Has been cancelled
GitHub CI / memory_sanitizer (push) Has been cancelled
GitHub CI / threads_sanitizer (push) Has been cancelled
GitHub CI / enable_non-default_options (push) Has been cancelled
GitHub CI / full_featured (push) Has been cancelled
GitHub CI / no-legacy (push) Has been cancelled
GitHub CI / legacy (push) Has been cancelled
GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Has been cancelled
GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Has been cancelled
GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Has been cancelled
GitHub CI / external-tests (push) Has been cancelled
GitHub CI / external-test-pyca (3.9, 1.51.0) (push) Has been cancelled
GitHub CI / external-test-cf-quiche (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:alpha-linux-gnu libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:s390x-linux-gnu libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:sh4-linux-gnu libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Has been cancelled
Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Has been cancelled
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Has been cancelled
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Has been cancelled
CIFuzz / Fuzzing (push) Has been cancelled
Run-checker CI / run-checker (enable-ssl-trace) (push) Has been cancelled
Run-checker CI / run-checker (enable-trace enable-fips) (push) Has been cancelled
Run-checker CI / run-checker (no-cmp) (push) Has been cancelled
Run-checker CI / run-checker (no-cms) (push) Has been cancelled
Run-checker CI / run-checker (no-default-thread-pool) (push) Has been cancelled
Run-checker CI / run-checker (no-dgram) (push) Has been cancelled
Run-checker CI / run-checker (no-dh) (push) Has been cancelled
Run-checker CI / run-checker (no-dtls) (push) Has been cancelled
Run-checker CI / run-checker (no-ec) (push) Has been cancelled
Run-checker CI / run-checker (no-ecx) (push) Has been cancelled
Run-checker CI / run-checker (no-http) (push) Has been cancelled
Run-checker CI / run-checker (no-legacy) (push) Has been cancelled
Run-checker CI / run-checker (no-quic) (push) Has been cancelled
Run-checker CI / run-checker (no-sock) (push) Has been cancelled
Run-checker CI / run-checker (no-stdio) (push) Has been cancelled
Run-checker CI / run-checker (no-thread-pool) (push) Has been cancelled
Run-checker CI / run-checker (no-threads) (push) Has been cancelled
Run-checker CI / run-checker (no-tls) (push) Has been cancelled
Run-checker CI / run-checker (no-tls1_2) (push) Has been cancelled
Run-checker CI / run-checker (no-tls1_3) (push) Has been cancelled
Run-checker CI / run-checker (no-ui) (push) Has been cancelled
Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelled
Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelled
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Has been cancelled
Run-checker merge / run-checker (enable-zlib) (push) Has been cancelled
Run-checker merge / run-checker (no-ct) (push) Has been cancelled
Run-checker merge / run-checker (no-dso) (push) Has been cancelled
Run-checker merge / run-checker (no-dynamic-engine) (push) Has been cancelled
Run-checker merge / run-checker (no-ec2m) (push) Has been cancelled
Run-checker merge / run-checker (no-engine no-shared) (push) Has been cancelled
Run-checker merge / run-checker (no-err) (push) Has been cancelled
Run-checker merge / run-checker (no-filenames) (push) Has been cancelled
Run-checker merge / run-checker (no-module) (push) Has been cancelled
Run-checker merge / run-checker (no-ocsp) (push) Has been cancelled
Run-checker merge / run-checker (no-pinshared) (push) Has been cancelled
Run-checker merge / run-checker (no-srp) (push) Has been cancelled
Run-checker merge / run-checker (no-srtp) (push) Has been cancelled
Run-checker merge / run-checker (no-ts) (push) Has been cancelled
Run-checker merge / threads_sanitizer_atomic_fallback (push) Has been cancelled
Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2022]) (push) Has been cancelled
Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2022]) (push) Has been cancelled
Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2019]) (push) Has been cancelled
Windows GitHub CI / plain (windows-2022) (push) Has been cancelled
Windows GitHub CI / minimal (windows-2019) (push) Has been cancelled
Windows GitHub CI / cygwin (windows-2019, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings no-fips]) (push) Has been cancelled
Some checks failed
GitHub CI / check_update (push) Has been cancelled
GitHub CI / check_docs (push) Has been cancelled
GitHub CI / check-ansi (push) Has been cancelled
GitHub CI / basic_gcc (push) Has been cancelled
GitHub CI / basic_clang (push) Has been cancelled
GitHub CI / linux-arm64 (push) Has been cancelled
GitHub CI / freebsd-x86_64 (push) Has been cancelled
GitHub CI / minimal (push) Has been cancelled
GitHub CI / no-deprecated (push) Has been cancelled
GitHub CI / no-shared-ubuntu (push) Has been cancelled
GitHub CI / no-shared-macos (macos-13) (push) Has been cancelled
GitHub CI / no-shared-macos (macos-14) (push) Has been cancelled
GitHub CI / non-caching (push) Has been cancelled
GitHub CI / address_ub_sanitizer (push) Has been cancelled
GitHub CI / fuzz_tests (push) Has been cancelled
GitHub CI / memory_sanitizer (push) Has been cancelled
GitHub CI / threads_sanitizer (push) Has been cancelled
GitHub CI / enable_non-default_options (push) Has been cancelled
GitHub CI / full_featured (push) Has been cancelled
GitHub CI / no-legacy (push) Has been cancelled
GitHub CI / legacy (push) Has been cancelled
GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Has been cancelled
GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Has been cancelled
GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Has been cancelled
GitHub CI / external-tests (push) Has been cancelled
GitHub CI / external-test-pyca (3.9, 1.51.0) (push) Has been cancelled
GitHub CI / external-test-cf-quiche (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:alpha-linux-gnu libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:s390x-linux-gnu libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:sh4-linux-gnu libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Has been cancelled
Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Has been cancelled
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Has been cancelled
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Has been cancelled
CIFuzz / Fuzzing (push) Has been cancelled
Run-checker CI / run-checker (enable-ssl-trace) (push) Has been cancelled
Run-checker CI / run-checker (enable-trace enable-fips) (push) Has been cancelled
Run-checker CI / run-checker (no-cmp) (push) Has been cancelled
Run-checker CI / run-checker (no-cms) (push) Has been cancelled
Run-checker CI / run-checker (no-default-thread-pool) (push) Has been cancelled
Run-checker CI / run-checker (no-dgram) (push) Has been cancelled
Run-checker CI / run-checker (no-dh) (push) Has been cancelled
Run-checker CI / run-checker (no-dtls) (push) Has been cancelled
Run-checker CI / run-checker (no-ec) (push) Has been cancelled
Run-checker CI / run-checker (no-ecx) (push) Has been cancelled
Run-checker CI / run-checker (no-http) (push) Has been cancelled
Run-checker CI / run-checker (no-legacy) (push) Has been cancelled
Run-checker CI / run-checker (no-quic) (push) Has been cancelled
Run-checker CI / run-checker (no-sock) (push) Has been cancelled
Run-checker CI / run-checker (no-stdio) (push) Has been cancelled
Run-checker CI / run-checker (no-thread-pool) (push) Has been cancelled
Run-checker CI / run-checker (no-threads) (push) Has been cancelled
Run-checker CI / run-checker (no-tls) (push) Has been cancelled
Run-checker CI / run-checker (no-tls1_2) (push) Has been cancelled
Run-checker CI / run-checker (no-tls1_3) (push) Has been cancelled
Run-checker CI / run-checker (no-ui) (push) Has been cancelled
Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelled
Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelled
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Has been cancelled
Run-checker merge / run-checker (enable-zlib) (push) Has been cancelled
Run-checker merge / run-checker (no-ct) (push) Has been cancelled
Run-checker merge / run-checker (no-dso) (push) Has been cancelled
Run-checker merge / run-checker (no-dynamic-engine) (push) Has been cancelled
Run-checker merge / run-checker (no-ec2m) (push) Has been cancelled
Run-checker merge / run-checker (no-engine no-shared) (push) Has been cancelled
Run-checker merge / run-checker (no-err) (push) Has been cancelled
Run-checker merge / run-checker (no-filenames) (push) Has been cancelled
Run-checker merge / run-checker (no-module) (push) Has been cancelled
Run-checker merge / run-checker (no-ocsp) (push) Has been cancelled
Run-checker merge / run-checker (no-pinshared) (push) Has been cancelled
Run-checker merge / run-checker (no-srp) (push) Has been cancelled
Run-checker merge / run-checker (no-srtp) (push) Has been cancelled
Run-checker merge / run-checker (no-ts) (push) Has been cancelled
Run-checker merge / threads_sanitizer_atomic_fallback (push) Has been cancelled
Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2022]) (push) Has been cancelled
Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2022]) (push) Has been cancelled
Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2019]) (push) Has been cancelled
Windows GitHub CI / plain (windows-2022) (push) Has been cancelled
Windows GitHub CI / minimal (windows-2019) (push) Has been cancelled
Windows GitHub CI / cygwin (windows-2019, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings no-fips]) (push) Has been cancelled
With our new FIPS provider certification, lets update the FIPS-README to
reflect our latest release and fips validated versions
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27178)
(cherry picked from commit 50316c18a0)
This commit is contained in:
Neil Horman
@@ -34,7 +34,9 @@ Installing the FIPS provider
|
||||
In order to be FIPS compliant you must only use FIPS validated source code.
|
||||
Refer to <https://www.openssl.org/source/> for information related to
|
||||
which versions are FIPS validated. The instructions given below build OpenSSL
|
||||
just using the FIPS validated source code.
|
||||
just using the FIPS validated source code. Any FIPS validated version may be
|
||||
used with any other openssl library. Please see <https://www.openssl.org/source/>
|
||||
To determine which FIPS validated library version may be appropriate for you.
|
||||
|
||||
If you want to use a validated FIPS provider, but also want to use the latest
|
||||
OpenSSL release to build everything else, then refer to the next section.
|
||||
@@ -71,11 +73,11 @@ the installation by doing the following two things:
|
||||
|
||||
- Runs the FIPS module self tests
|
||||
- Generates the so-called FIPS module configuration file containing information
|
||||
about the module such as the module checksum (and for OpenSSL 3.0 the
|
||||
about the module such as the module checksum (and for OpenSSL 3.1.2 the
|
||||
self test status).
|
||||
|
||||
The FIPS module must have the self tests run, and the FIPS module config file
|
||||
output generated on every machine that it is to be used on. For OpenSSL 3.0,
|
||||
output generated on every machine that it is to be used on. For OpenSSL 3.1.2
|
||||
you must not copy the FIPS module config file output data from one machine to another.
|
||||
|
||||
On Unix, the `openssl fipsinstall` command will be invoked as follows by default:
|
||||
@@ -95,11 +97,11 @@ Download and build a validated FIPS provider
|
||||
--------------------------------------------
|
||||
|
||||
Refer to <https://www.openssl.org/source/> for information related to
|
||||
which versions are FIPS validated. For this example we use OpenSSL 3.0.0.
|
||||
which versions are FIPS validated. For this example we use OpenSSL 3.1.2.
|
||||
|
||||
$ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz
|
||||
$ tar -xf openssl-3.0.0.tar.gz
|
||||
$ cd openssl-3.0.0
|
||||
$ wget https://www.openssl.org/source/openssl-3.1.2.tar.gz
|
||||
$ tar -xf openssl-3.1.2.tar.gz
|
||||
$ cd openssl-3.1.2
|
||||
$ ./Configure enable-fips
|
||||
$ make
|
||||
$ cd ..
|
||||
@@ -107,44 +109,45 @@ which versions are FIPS validated. For this example we use OpenSSL 3.0.0.
|
||||
Download and build the latest release of OpenSSL
|
||||
------------------------------------------------
|
||||
|
||||
We use OpenSSL 3.1.0 here, (but you could also use the latest 3.0.X)
|
||||
We use OpenSSL 3.5.0 here, (but you could also use the latest 3.5.X)
|
||||
|
||||
$ wget https://www.openssl.org/source/openssl-3.1.0.tar.gz
|
||||
$ tar -xf openssl-3.1.0.tar.gz
|
||||
$ cd openssl-3.1.0
|
||||
$ wget https://www.openssl.org/source/openssl-3.5.0.tar.gz
|
||||
$ tar -xf openssl-3.5.0.tar.gz
|
||||
$ cd openssl-3.5.0
|
||||
$ ./Configure enable-fips
|
||||
$ make
|
||||
|
||||
Use the OpenSSL FIPS provider for testing
|
||||
-----------------------------------------
|
||||
|
||||
We do this by replacing the artifact for the OpenSSL 3.1.0 FIPS provider.
|
||||
Note that the OpenSSL 3.1.0 FIPS provider has not been validated
|
||||
We do this by replacing the artifact for the OpenSSL 3.5.0 FIPS provider.
|
||||
Note that the OpenSSL 3.5.0 FIPS provider has not been validated
|
||||
so it must not be used for FIPS purposes.
|
||||
|
||||
$ cp ../openssl-3.0.0/providers/fips.so providers/.
|
||||
$ cp ../openssl-3.0.0/providers/fipsmodule.cnf providers/.
|
||||
// Note that for OpenSSL 3.0 that the `fipsmodule.cnf` file should not
|
||||
$ cp ../openssl-3.1.2/providers/fips.so providers/.
|
||||
$ cp ../openssl-3.1.2/providers/fipsmodule.cnf providers/.
|
||||
// Note that for OpenSSL 3.1.2 that the `fipsmodule.cnf` file should not
|
||||
// be copied across multiple machines if it contains an entry for
|
||||
// `install-status`. (Otherwise the self tests would be skipped).
|
||||
|
||||
// Validate the output of the following to make sure we are using the
|
||||
// OpenSSL 3.0.0 FIPS provider
|
||||
// OpenSSL 3.1.2 FIPS provider
|
||||
$ ./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
||||
-provider fips -providers
|
||||
|
||||
// Now run the current tests using the OpenSSL 3.0 FIPS provider.
|
||||
// Now run the current tests using the OpenSSL 3.1.2 FIPS provider.
|
||||
$ make tests
|
||||
|
||||
Copy the FIPS provider artifacts (`fips.so` & `fipsmodule.cnf`) to known locations
|
||||
-------------------------------------------------------------------------------------
|
||||
|
||||
$ cd ../openssl-3.0.0
|
||||
$ cd ../openssl-3.1.2
|
||||
$ sudo make install_fips
|
||||
|
||||
Check that the correct FIPS provider is being used
|
||||
--------------------------------------------------
|
||||
|
||||
$ cd ../openssl-3.5.0
|
||||
$./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
||||
-provider fips -providers
|
||||
|
||||
@@ -152,11 +155,11 @@ Check that the correct FIPS provider is being used
|
||||
Providers:
|
||||
base
|
||||
name: OpenSSL Base Provider
|
||||
version: 3.1.0
|
||||
version: 3.5.0
|
||||
status: active
|
||||
fips
|
||||
name: OpenSSL FIPS Provider
|
||||
version: 3.0.0
|
||||
version: 3.1.2
|
||||
status: active
|
||||
|
||||
Using the FIPS Module in applications
|
||||
|
||||
Reference in New Issue
Block a user