diff options
| -rwxr-xr-x | Configure | 2 | ||||
| -rw-r--r-- | Makefile.fips | 2 | ||||
| -rw-r--r-- | README.FIPS | 22 |
3 files changed, 24 insertions, 2 deletions
@@ -1969,7 +1969,7 @@ EOF &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } - if ($depflags ne $default_depflags && !$make_depend) { + if ($depflags ne $default_depflags && !$make_depend && $fipscanisteronly != 2) { print <<EOF; Since you've disabled or enabled at least one algorithm, you need to do diff --git a/Makefile.fips b/Makefile.fips index 8fc9ddc657..62a7fee7b9 100644 --- a/Makefile.fips +++ b/Makefile.fips @@ -540,7 +540,7 @@ report: @$(PERL) util/selftest.pl depend: - @set -e; target=depend; $(RECURSIVE_BUILD_CMD) + @echo make depend not supported ; false lint: @set -e; target=lint; $(RECURSIVE_BUILD_CMD) diff --git a/README.FIPS b/README.FIPS index 6c5250cf44..a30adea8c9 100644 --- a/README.FIPS +++ b/README.FIPS @@ -46,6 +46,28 @@ with FIPS or fips. One way to check with GNU nm is: nm -g --defined-only fips/fipscanister.o | grep -v -i fips +Restricted tarball tests. + +The validated module will have its own tarball containing sufficient code to +build fipscanister.o and the associated algorithm tests. You can create a +similar tarball yourself for testing purposes using the commands below. + +Standard restricted tarball: + +make -f Makefile.fips dist + +Prime field field only ECC tarball: + +make NOEC2M=1 -f Makefile.fips dist + +Once you've created the tarball extract into a fresh directory and do: + +./config +make + +You can then run the algorithm tests as above. This build automatically uses +fipscanisteronly and -DOPENSSL_FIPSYMS and no-ec2m as appropriate. + Known issues: Algorithm tests are pre-2011. |