You need to follow these steps:

1.1.1 Build openssl-fips package

From https://www.openssl.org/source/, download latest openssl-fips package and unzip under

    tar -zxvf openssl-fips-2.0.5.tar.gz
    cd /home/user/openssl-fips-2.0.5
    ./Configure --prefix=/usr/local linux-generic32
    make
    make install

1.1.2 Build FIPS capable openssl package

From https://www.openssl.org/source/, download latest openssl package and unzip under

    tar -zxvf openssl-1.0.1h.tar.gz
    cd /home/user/openssl-1.0.1h
    ./Configure --prefix=/usr/local --with-fipsdir=/usr/local fips linux-generic32
    make CC=fipsld FIPSLD_CC=gcc -j 8
    make install

The binary openssl can be found at /usr/local/bin/openssl

    [root@ssl86 hyu]# openssl version
    OpenSSL 1.0.1h-fips 5 Jun 2014

####### Here is tricky: go back to the FIPS directory and make install again.

    cd /home/user/openssl-fips-2.0.5
    make install

1.1.3 Build stunnel package

From https://www.stunnel.org/downloads.html, download latest stunnel version 5.02 package and unzip under

    tar -zxvf stunnel-5.02.tar.gz
    cd /home/user/stunnel-5.02
    ./configure --enable-fips --with-ssl=/usr/local/ --prefix=/usr/local
    make CC=fipsld FIPSLD_CC=gcc -j 8
    make install

The stunnel binary can be found at /usr/local/bin/stunnel

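
A post-install check for the build described above, as an added example that is not part of the original message. It assumes the /usr/local prefix from the steps and relies on the openssl command attempting to enter FIPS mode when OPENSSL_FIPS=1 is set; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original message: post-install checks for the
# FIPS capable openssl built in step 1.1.2. Function names are illustrative.

# True if an `openssl version` string carries the -fips suffix.
has_fips_suffix() {
    case "$1" in
        OpenSSL\ *-fips\ *|OpenSSL\ *-fips) return 0 ;;
        *) return 1 ;;
    esac
}

# With OPENSSL_FIPS=1 the openssl command tries to enter FIPS mode at startup.
# Returns 0 if FIPS mode is enforced, 1 if MD5 is still accepted,
# 2 if even SHA-1 fails (FIPS mode could not be entered at all).
fips_mode_enforced() {
    bin=$1
    # An approved digest must work; checking it first keeps a build that
    # fails every command under OPENSSL_FIPS=1 from passing the MD5 test.
    printf 'test' | OPENSSL_FIPS=1 "$bin" sha1 >/dev/null 2>&1 || return 2
    # A non-approved digest must be refused in FIPS mode.
    if printf 'test' | OPENSSL_FIPS=1 "$bin" md5 >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Run both checks against one binary (default: the path from step 1.1.2).
check_build() {
    bin=${1:-/usr/local/bin/openssl}
    ver=$("$bin" version 2>/dev/null) || { echo "cannot run $bin"; return 3; }
    has_fips_suffix "$ver" || { echo "not FIPS capable: $ver"; return 4; }
    rc=0
    fips_mode_enforced "$bin" || rc=$?
    case $rc in
        0) echo "FIPS mode enforced: $ver" ;;
        1) echo "MD5 accepted with OPENSSL_FIPS=1: $ver" ;;
        2) echo "SHA-1 failed with OPENSSL_FIPS=1 (FIPS mode not entered): $ver" ;;
    esac
    return $rc
}
```

Source the file and call check_build after the final make install; a non-zero return means the binary should not be treated as running in FIPS mode.
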
Thanks heaps for that.
Problems encountered listed below:
On 26 Jun 2014, at 9:16 am, Hui Yu hyu@Brocade.com wrote:
You need to follow these steps:

1.1.1 Build openssl-fips package

From https://www.openssl.org/source/, download latest openssl-fips package and unzip under

    tar -zxvf openssl-fips-2.0.5.tar.gz
    cd /home/user/openssl-fips-2.0.5
    ./Configure --prefix=/usr/local linux-generic32
    make
    make install

1.1.2 Build FIPS capable openssl package

From https://www.openssl.org/source/, download latest openssl package and unzip under

    tar -zxvf openssl-1.0.1h.tar.gz
    cd /home/user/openssl-1.0.1h
    ./Configure --prefix=/usr/local --with-fipsdir=/usr/local fips linux-generic32

This ends with:
Since you've disabled or enabled at least one algorithm, you need to do the following before building:
make depend
Configured for linux-generic32.
make CC=fipsld FIPSLD_CC=gcc -j 8
This gives me:
../include/openssl/bio.h:332: error: parameter name omitted
bntest.c:2013: error: expected ‘{’ at end of input
req.c: In function ‘do_sign_init’:
req.c:1799: error: ‘bio_err’ undeclared (first use in this function)
make[1]: *** [bntest.o] Error 1
make[1]: *** [req.o] Error 1
make: *** [build_tests] Error 1
make: *** [build_apps] Error 1
make: *** [build_ssl] Error 1
Any suggestions?
Thanks,
James.