Update FIPS instructions in README.md

Update the instructions to follow the requirements
in the security policy and user guide

PR-URL: https://github.com/nodejs/node/pull/2278
Fixes: https://github.com/nodejs/node/issues/2242
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Rod Vagg <r@va.gg>
v4.0.0-rc
Michael Dawson 9 years ago
parent
commit
d98eed51f7
50
README.md

@ -269,20 +269,46 @@ NOTE: Windows is not yet supported
It is possible to build io.js with It is possible to build io.js with
[OpenSSL FIPS module](https://www.openssl.org/docs/fips/fipsnotes.html). [OpenSSL FIPS module](https://www.openssl.org/docs/fips/fipsnotes.html).
**Note** that building in this way does **not** allow you to
claim that the runtime is FIPS 140-2 validated. Instead you
can indicate that the runtime uses a validated module. See
the [security policy]
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)
page 60 for more details. In addition, the validation for
the underlying module is only valid if it is deployed in
accordance with its [security policy]
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf).
If you need FIPS validated cryptography it is recommended that you
read both the [security policy]
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)
and [user guide] (https://openssl.org/docs/fips/UserGuide-2.0.pdf).
Instructions: Instructions:
1. Download and verify `openssl-fips-x.x.x.tar.gz` from 1. Obtain a copy of openssl-fips-x.x.x.tar.gz.
https://www.openssl.org/source/ To comply with the security policy you must ensure the path
2. Extract source to `openssl-fips` folder through which you get the file complies with the requirements
3. ``cd openssl-fips && ./config fipscanisterbuild --prefix=`pwd`/out`` for a "secure intallation" as described in section 6.6 in
(NOTE: On OS X, you may want to run the [user guide] (https://openssl.org/docs/fips/UserGuide-2.0.pdf).
``./Configure darwin64-x86_64-cc --prefix=`pwd`/out`` if you are going to For evaluation/experimentation you can simply download and verify
build x64-mode io.js) `openssl-fips-x.x.x.tar.gz` from https://www.openssl.org/source/
4. `make -j && make install` 2. Extract source to `openssl-fips` folder and `cd openssl-fips`
5. Get into io.js checkout folder 3. `./config`
6. `./configure --openssl-fips=/path/to/openssl-fips/out` 4. `make`
7. Build io.js with `make -j` 5. `make install`
8. Verify with `node -p "process.versions.openssl"` (`1.0.2a-fips`) (NOTE: to comply with the security policy you must use the exact
commands in steps 3-5 without any additional options as per
Appendix A in the [security policy]
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf).
The only exception is that `./config no-asm` can be
used in place of `./config` )
6. Get into io.js checkout folder
7. `./configure --openssl-fips=/path/to/openssl-fips/installdir`
For example on ubuntu 12 the installation directory was
/usr/local/ssl/fips-2.0
8. Build io.js with `make -j`
9. Verify with `node -p "process.versions.openssl"` (`1.0.2a-fips`)
## Resources for Newcomers ## Resources for Newcomers
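Review bot: The added links separate the label from the URL, either with a line break (`[security policy]` with the URL on the following line, in the note paragraph and again in the note under step 5) or with a space (`[user guide] (https://openssl.org/docs/fips/UserGuide-2.0.pdf)`), and CommonMark-style parsers do not treat either form as a link; keep `](` adjacent and wrap the line somewhere else. Since the security policy URL now appears four times, a single reference-style link definition would also keep the copies from drifting apart. In step 1, "secure intallation" should read "secure installation", and `openssl-fips-x.x.x.tar.gz` is in backticks in one sentence but not the other. Step 9 still checks only the reported version string (`1.0.2a-fips`), so it would help to say there that this confirms the build picked up the FIPS module and is not evidence of having followed the security policy, in line with the note added at the top of the section.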
