The OpenSSL FIPS Object Module validation is "delivered" in source code form, meaning that if you can use it exactly as is and can build it (according to the very specific documented instructions) for your platform, then you can use it as validated cryptography on a "vendor affirmed" basis. See documentation
- The Core Planners: chef-core-planners@chef.io
Binary package
Binary packages can be set as runtime or build time dependencies. See Defining your dependencies for more information.
To add core/openssl-fips as a dependency, you can add one of the following to your plan file.
pkg_build_deps=(core/openssl-fips)
pkg_deps=(core/openssl-fips)
To install this plan, you should run the following commands to first install, and then link the binaries this plan creates.
hab pkg install core/openssl-fips --binlink
will add the following binaries to the PATH:
- /bin/fips_standalone_sha1
- /bin/fipsld
For example:
$ hab pkg install core/openssl-fips --binlink
» Installing core/openssl-fips
☁ Determining latest version of core/openssl-fips in the 'stable' channel
→ Found newer installed version (core/openssl-fips/2.0.16/20200612170317) than remote version (core/openssl-fips/2.0.16/20200306005307)
→ Using core/openssl-fips/2.0.16/20200612170317
★ Install of core/openssl-fips/2.0.16/20200612170317 complete with 0 new packages installed.
» Binlinking fipsld from core/openssl-fips/2.0.16/20200612170317 into /bin
★ Binlinked fipsld from core/openssl-fips/2.0.16/20200612170317 to /bin/fipsld
» Binlinking fips_standalone_sha1 from core/openssl-fips/2.0.16/20200612170317 into /bin
★ Binlinked fips_standalone_sha1 from core/openssl-fips/2.0.16/20200612170317 to /bin/fips_standalone_sha1You can now use the binary as normal. For example:
/bin/fips_standalone_sha1 or fips_standalone_sha1
$ fips_standalone_sha1
fips_standalone_sha1 [<file>]+