40 lines
1.9 KiB
Diff
40 lines
1.9 KiB
Diff
diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README
|
|
--- openssl-1.0.0-beta5/README.warning 2010-01-20 16:00:47.000000000 +0100
|
|
+++ openssl-1.0.0-beta5/README 2010-01-21 09:06:11.000000000 +0100
|
|
@@ -5,6 +5,35 @@
|
|
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
|
All rights reserved.
|
|
|
|
+ WARNING
|
|
+ -------
|
|
+
|
|
+ This version of OpenSSL is built in a way that supports operation in
|
|
+ the so called FIPS mode. Note though that the library as we build it
|
|
+ is not FIPS validated and the FIPS mode is present for testing purposes
|
|
+ only.
|
|
+
|
|
+ This version also contains a few differences from the upstream code
|
|
+ some of which are:
|
|
+ * There are added changes forward ported from the upstream OpenSSL
|
|
+ 0.9.8 FIPS branch however the FIPS integrity verification check
|
|
+ is implemented differently from the upstream FIPS validated OpenSSL
|
|
+ module. It verifies HMAC-SHA256 checksum of the whole shared
|
|
+ libraries. For this reason the changes are ported to files in the
|
|
+ crypto directory and not in a separate fips subdirectory. Also
|
|
+ note that the FIPS integrity verification check requires unmodified
|
|
+ libcrypto and libssl shared library files which means that it will
|
|
+ fail if these files are modified for example by prelink.
|
|
+ * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
|
|
+ tries to initialize the FIPS mode if it is set to 1 aborting if the
|
|
+ FIPS mode could not be initialized. It is also possible to force the
|
|
+ OpenSSL library to FIPS mode especially for debugging purposes by
|
|
+ setting the environment variable OPENSSL_FORCE_FIPS_MODE.
|
|
+ * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
|
|
+ will not automatically load the built in compression method ZLIB
|
|
+ when initialized. Applications can still explicitely ask for ZLIB
|
|
+ compression method.
|
|
+
|
|
DESCRIPTION
|
|
-----------
|
|
|