Preliminary status and build information for FIPS module v2.0 To build the module do: ./config fipscanisterbuild make Build should complete without errors. Run test suite: test/fips_test_suite again should complete without errors. Run test vectors: 1. Download an appropriate set of testvectors from www.openssl.org/docs/fips those for 2007 are OK. 2. Extract the files to a suitable directory. 3. Run the test vector perl script, for example: cd fips perl fipsalgtest.pl --dir=/wherever/stuff/was/extracted 4. It should say "passed all tests" at the end. Report full details of any failures. Run: make clean to remove any object modules from previous compile. Run symbol hiding test: ./config fipscanisteronly -DOPENSSL_FIPSSYMS make This time only the fips utilities should be built. Examine the external symbols in fips/fipscanister.o they should all begin with FIPS or fips. One way to check with GNU nm is: nm -g --defined-only fips/fipscanister.o | grep -v -i fips Restricted tarball tests. The validated module will have its own tarball containing sufficient code to build fipscanister.o and the associated algorithm tests. You can create a similar tarball yourself for testing purposes using the commands below. Standard restricted tarball: make -f Makefile.fips dist Prime field field only ECC tarball: make NOEC2M=1 -f Makefile.fips dist Once you've created the tarball extract into a fresh directory and do: ./config make You can then run the algorithm tests as above. This build automatically uses fipscanisteronly and -DOPENSSL_FIPSYMS and no-ec2m as appropriate. Known issues: Algorithm tests are pre-2011. The fipslagtest.pl script wont auto run new algorithm tests such as DSA2. Usage of ECDH/DH needs review and whether any KDFs need to be implemented. Selftests need updating with larger key sizes in some cases and redundant tests pruned. SP800-90 DRBG needs more work: check for compliance, continuous PRNG test when entropy gathering, periodic health tests. Some algorithms need to check security strength of PRNG: keygen etc. No CCM. No XTS. The "FIPS capable OpenSSL" is not yet complete: meaning that the rest of OpenSSL doesn't always use the correct FIPS module APIs and block others in FIPS mode.